Ten Years of GDPR – An Interim Assessment of Data Protection in Companies
10 Years of the GDPR: A Business Perspective
Ten years after the General Data Protection Regulation (GDPR) entered into force, data protection has become a standard part of day-to-day business operations. At the same time, compliance costs remain high, legal uncertainty persists, and regulatory requirements continue to pose challenges for many companies. As businesses increasingly rely on digital technologies, cross-border data flows, and artificial intelligence, data-driven innovation is coming under growing pressure. This report examines key developments related to the GDPR from a business perspective and explores how data protection practices and challenges have evolved between 2016 and 2025. The analysis is based on representative surveys conducted by Bitkom Research among companies in Germany with 20 or more employees.
