Bitkom study: Companies rely on international data transfers

Contents

More than six out of ten companies in Germany (62 percent) transfer personal data to countries outside the European Union. This is according to a survey by the industry association Bitkom, in which 603 companies with at least 20 employees participated. The transfers are predominantly to external service providers (45 percent), business partners (41 percent), and intra-group units (19 percent).

Nearly all of these companies use international data transfers to access cloud services (96 percent) and communication systems such as video conferencing (90 percent). Two-thirds (66 percent) rely on global service providers, for example, for around-the-clock security support. Other stated reasons include billing services and database management (38 percent), company locations outside the EU (31 percent), and international research and development cooperations (18 percent).

USA most important destination country for data transfers

The most important destination country for data transfers outside the EU named by the companies is the USA: 61 percent of companies that transfer personal data to third countries send data there. Great Britain (43 percent), India (24 percent), Japan (13 percent), and China (12 percent) follow in the subsequent places. No surveyed company transfers personal data to Russia.

As a legal basis for the transfers, 80 percent of companies use Standard Contractual Clauses (SCCs), 23 percent Binding Corporate Rules (BCRs), and 21 percent the EU-US Data Privacy Framework (DPF). Twelve percent rely on the consent of the data subjects. Remarkable: 19 percent of companies state that they are currently still adjusting or discussing how to deal with the discontinuation of previous regulations for their data transfers.

Renunciation would lead to massive disadvantages

According to the surveyed companies, a renunciation of the processing of personal data outside the EU would have serious consequences: 75 percent expect immediately higher costs, 71 percent fear competitive disadvantages compared to competitors from non-EU countries. 66 percent warn that global supply chains would no longer function. More than half (57 percent) state that they would no longer be able to offer certain products or services, and a quarter (25 percent) expect poorer quality.

Half of the respondents (50 percent) fear the end of global security support. 29 percent would have to restructure group-wide data processing, and 23 percent fear a setback in innovation competition. According to Bitkom, not a single company sees no negative consequences of a renunciation.

“International data transfers are indispensable for a global economy,” said Susanne Dehmel, member of the Bitkom executive board, in the announcement of the current study. At the same time, the often unclear legal situation unsettles many companies. The discussion about data transfers is “not just about which software is used.” Furthermore, an end to international data transfers would have “immediate and massive consequences for the competitiveness of the German economy.”

Demand for more legal certainty

78 percent of the surveyed companies wish for more legal certainty from politicians regarding international data transfers. The Bitkom survey is part of a broader debate about the modernization of the General Data Protection Regulation (GDPR). In another Bitkom survey from December 2025, 76 percent of companies called for a reduction in documentation obligations, and 73 percent want the prohibition with permission requirement to be abolished.

In addition to European data protection requirements, new regulations from the USA are being added for companies. Starting January 1, 2026, California will require new data security and risk assessments from European companies as well. Legal violations can be punishable under US federal law. The Professional Association of Data Protection Officers of Germany (BvD) and Bitkom launched a joint initiative in September 2025 to modernize the GDPR, aiming for less bureaucracy while maintaining a high level of protection.

(fo)