The General Data Protection Regulation (GDPR) has been in force since 25.05.2018. For the first time, there are uniform regulations across Europe on how companies are allowed to handle personal data. How consumers and companies view the data protection rules after six years.
After the introduction of GDPR: consumers are more aware of how they handle their data
A representative survey commissioned by GMX and Web.de shows that six years after the General Data Protection Regulation came into force, 35 percent of Germans have already made use of their rights.
For example, 16 percent of Germans have already asked companies to delete their data or to stop processing it. Information about stored data has been requested by 11 percent. In each case, 9 percent have exercised their right to information or requested a copy of the stored data.
However, the cookie notices introduced on websites as part of the GDPR are causing frustration among consumers: 38% of Germans are annoyed by them. 37% of respondents reject all cookies if this is possible. 22% change their cookie settings and 21% accept all cookies with one click.
Overall, the introduction of the GDPR has heightened awareness of data protection.
High GDPR costs also bring benefits for companies
Companies also see the benefits of the General Data Protection Regulation.
According to a representative survey of around 1,350 companies in Germany conducted by ZEW Mannheim (March 2024), 41% of companies state that they have reviewed and optimized their processes. In 28% of companies, data processing procedures were standardized as part of this process. For a quarter of companies, the GDPR has led to increased legal certainty. The proportion of companies that believe that the GDPR has led to an increase in customer trust has also risen (from 12% to 20% compared to the last survey in 2020).
However, it is also true that the majority of companies rate the current effort required to comply with the GDPR as high. In addition, more than half of the companies report additional costs for employee training and an increased need for external advice.
Because incorrect implementation can be expensive. Serious data protection violations have been punished with significantly higher fines since the introduction of the GDPR in the EU. A record fine of 1.2 billion euros was imposed on Facebook parent company Meta alone in 2023.
Reading tip: The five highest fines in April 2024
6 years of GDPR: The use of new technologies such as artificial intelligence brings new challenges. Whether data protection opens up or slows down opportunities depends less on the rules themselves than on the way they are handled. But data protection is more necessary than ever.