02.05.2018 | Deal Notifications, Press releases

Study in collaboration with The Legal 500: “The GC Guide to the GDPR”.

Study: Less than half of all German companies are prepared for the new EU General Data Protection Regulation

In a survey conducted by The Legal 500 and KPMG Law between November 2017 and February 2018, only 46 percent of surveyed Head of Law indicated that their company had already done enough to be compliant with the General Data Protection Regulation (GDPR). The new regulations for data protection in companies come into force on May 25.

The study combines a survey of around 450 in-house lawyers with in-depth, structured interviews with more than 30 heads of legal in companies. It discusses the level of preparedness and the risks and opportunities that the new regulation poses for companies and institutions. As a result, a considerable need to catch up is revealed.

For example, less than ten percent of respondents believe that employees in their companies are aware of their data protection obligations under the GDPR and national legislation. “This is an alarming number,” says Dr. Konstantin von Busekist, Partner and Head of Compliance, Governance & Organization at KPMG Law. “As of May 25 of this year, increased documentation and transparency requirements apply, which affect almost all areas of the company, require a high level of implementation effort, and failure to comply is subject to significant fines.” Barbara Scheben, Partner at KPMG AG Wirtschaftsprüfungsgesellschaft in the area of Compliance & Forensic and Head of Data Protection adds: “Against this background, a considerable implementation delta is to be expected.

The respondents to the study see the following points in particular as the most important challenges posed by the GDPR:

  • Implementation of measures within the entire company, not just in a single department
  • Close integration of the legal department with all other corporate divisions
  • Interpretation of legal requirements (principles instead of normative rules) without legal precedents.
  • Complete understanding of and control over all IT systems, processes and data processing activities

At the same time, the unloved topic of the GDPR certainly offers opportunities, as Jan-Dierk Schaal, Senior Manager and Head of Technology, Media & Telecommunications at KPMG Law, points out: “A high level of data protection strengthens customer confidence and creates greater transparency about one’s own processes, which also limits risks in other areas of the company, such as the topic of bribery and corruption. Disciplined management of customer data can create opportunities to optimize communications and produce better service, especially through digital solutions.”

More info on the study can be found here.


Explore #more

17.05.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: When the family business is to be sold

Around 38,000 family businesses are currently handed over each year. In most cases, the change of ownership takes place within the family. But more and…

03.05.2024 | KPMG Law Insights

Doubts about inability to work? What employers can do

The certificate of incapacity for work (AU certificate) serves as proof of incapacity for work due to illness. However, only if the certificate meets certain…

29.04.2024 | KPMG Law Insights

Agreement on ecodesign regulation: products to become more sustainable

After lengthy negotiations, the Council and Parliament of the European Union reached a provisional agreement on the Ecodesign Regulation on the night of December 5,…

27.03.2024 | KPMG Law Insights

EU Buildings Directive: life cycle greenhouse potential becomes relevant

On March 12, 2024, the EU Parliament approved the amendment to the EU Buildings Directive. The directive obliges member states and, indirectly, building owners and…

19.03.2024 | Business Performance & Resilience, KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

The EU member states agreed on the CSDDD, the EU Supply Chain Directive, on March 15, 2024. Germany abstained from the vote. Negotiators from the…

19.03.2024 | KPMG Law Insights

The AI Act is coming: EU wants to get a grip on AI risks

For many people, artificial intelligence (AI) is the great hope for business, healthcare and science. But there are also plenty of critics who fear the…

21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation,…

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”   The third part of this series of articles deals with data compliance

14.02.2024 | Business Performance & Resilience, PR Publications

Guest article in ZURe: Monitoring the implementation of the LkSG

The current issue of ZURe (p. 20 ff.) contains a guest article by KPMG Law Partner Thomas Uhlig (Head of General Business and Commercial Law),…

09.02.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: The employment law function

In almost all German companies, the employment law function is located in the HR department and not in the legal department. One of the reasons…


Dr. Konstantin von Busekist

Managing Partner
Leiter Global Compliance Practice
KPMG Law EMA Leader

Tersteegenstraße 19-23
40474 Düsseldorf

tel: +49 211 4155597123

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.