Study in collaboration with The Legal 500: “The GC Guide to the GDPR”.

Study: Less than half of all German companies are prepared for the new EU General Data Protection Regulation

In a survey conducted by The Legal 500 and KPMG Law between November 2017 and February 2018, only 46 percent of surveyed Head of Law indicated that their company had already done enough to be compliant with the General Data Protection Regulation (GDPR). The new regulations for data protection in companies come into force on May 25.

The study combines a survey of around 450 in-house lawyers with in-depth, structured interviews with more than 30 heads of legal in companies. It discusses the level of preparedness and the risks and opportunities that the new regulation poses for companies and institutions. As a result, a considerable need to catch up is revealed.

For example, less than ten percent of respondents believe that employees in their companies are aware of their data protection obligations under the GDPR and national legislation. “This is an alarming number,” says Dr. Konstantin von Busekist, Partner and Head of Compliance, Governance & Organization at KPMG Law. “As of May 25 of this year, increased documentation and transparency requirements apply, which affect almost all areas of the company, require a high level of implementation effort, and failure to comply is subject to significant fines.” Barbara Scheben, Partner at KPMG AG Wirtschaftsprüfungsgesellschaft in the area of Compliance & Forensic and Head of Data Protection adds: “Against this background, a considerable implementation delta is to be expected.

The respondents to the study see the following points in particular as the most important challenges posed by the GDPR:

• Implementation of measures within the entire company, not just in a single department
• Close integration of the legal department with all other corporate divisions
• Interpretation of legal requirements (principles instead of normative rules) without legal precedents.
• Complete understanding of and control over all IT systems, processes and data processing activities

At the same time, the unloved topic of the GDPR certainly offers opportunities, as Jan-Dierk Schaal, Senior Manager and Head of Technology, Media & Telecommunications at KPMG Law, points out: “A high level of data protection strengthens customer confidence and creates greater transparency about one’s own processes, which also limits risks in other areas of the company, such as the topic of bribery and corruption. Disciplined management of customer data can create opportunities to optimize communications and produce better service, especially through digital solutions.”

More info on the study can be found here.