Survey: Companies complain about too much effort with data protection
A survey shows that implementing data protection regulations is increasingly weighing on companies. Smaller companies are particularly affected, says Bitkom.
(Image: peterschreiber.media/Shutterstock.com)
German companies feel increasingly burdened by data protection regulations, according to a survey conducted by the digital association Bitkom. According to the survey, 97 percent of respondents complained of a high or even very high level of effort involved in implementing data protection regulations. A year ago, this figure was 94 percent.
53% of the companies surveyed reported an increase in effort, with 16% even reporting a sharp rise. Only 30 percent reported that the bureaucracy involved in data protection had remained the same, and none of the companies surveyed spoke of improvements in this area. According to Bitkom, 603 companies with 20 or more employees in Germany from all sectors were included in the representative survey.
According to Bitkom, data protection requirements are a particular burden for smaller companies. For example, 45 percent of companies with 20 to 99 employees complain of very high costs, compared to only 38 percent of companies with 500 or more employees. “We have created far too much complexity in data protection, with numerous supervisory authorities and different interpretations,” commented Bitkom President Ralf Wintergerst on the results of the survey. He called for the documentation and reporting obligations to be significantly reduced.
EU Commission wants to relax rules
At EU level, there is now also movement on the question of whether there should be a relaxation of data protection requirements. In May, the EU Commission published a draft to streamline the GDPR: Companies with up to 749 employees are to be essentially exempt from GDPR documentation obligations.
Videos by heise
Consumer advocates and NGOs warned of a possible softening of the GDPR with this reform. However, the EU Commission's proposals do not go far enough for Bitkom. The risk classification of the processing activity should be the decisive factor for the documentation obligation, not the size of the company, the association demands. Measures such as standard templates and clearer rules for data subject requests are also needed.
(axk)
