The European General Data Protection Regulation (GDPR) is already more than four years old - and yet it is still causing many companies considerable headaches. Many of the requirements imposed by the regulation to protect individuals in the processing of personal data and to enable the free movement of data are anything but self-explanatory. Whether the regulation's stated goal of guaranteeing the fundamental rights and freedoms of natural persons, in particular their right to the protection of personal data, has been fulfilled since its entry into force remains questionable. After all, studies reveal: Many companies still have a lot of catching up to do. Only 61 percent of German companies have fully implemented data protection requirements. But why are many companies finding it so difficult to implement the GDPR? And how can these challenges be solved in the long term?

One regulation – many issues

There are many reasons why many companies need to take additional steps when it comes to the GDPR. In particular, the following aspects are criticized:

  • Uncertain legal interpretation: The interpretation of the GDPR has still not been conclusively clarified. New recommendations are constantly unsettling companies and turning the implementation of data protection into a permanent construction site. Well over two-thirds of German companies criticize this legal uncertainty. A full 77 percent are even of the opinion that full implementation of the GDPR is not possible at all.
  • Lack of support: Companies looking for support in implementing the GDPR are often disappointed when they contact the supervisory authorities. Thus, only every eighth company is very satisfied with the assistance offered. In particular, there seems to be a lack of support when it comes to practical implementation.
  • Strategic conflicts: Many companies see the GDPR as an obstacle to their strategy. Digitalization in particular is at the center of this. Around two-thirds of companies in Germany are convinced that data protection is hampering digitization. Perceived or actual friction with the GDPR in strategically important digitization projects does not contribute to its popularity. The GDPR is often seen as a hindrance to business and a brake on innovation. It is therefore hardly surprising that around six out of 10 companies consider data protection in Germany to be excessive.
  • Lack of awareness: There is still a lack of understanding of the importance of data protection in many areas of the company. Important: Every employee must do his or her part to protect personal data. To ensure this, overarching awareness measures and practical training are essential.

Creating a basis for finding solutions

Although the problems mentioned are not conclusive, it can be stated: The practical implementation of data protection in accordance with the GDPR remains a challenge even years after its entry into force. Regardless of who is responsible for the existing hurdles, it is up to companies to find solutions to overcome them. In doing so, it is important to meet all employees and managers in equal measure and to address uncertainties instead of tacitly accepting them. An open approach to the topic of data protection and a uniform understanding within the company are important foundations for contributing to the success of data protection and developing joint solutions for corporate practice.