Cross-border data transfer and data security regulations is a hot topic for our member companies. To gain a deeper understanding of the status and challenges in the compliance efforts, we recently conducted the flash survey “Cross-border Data Transfer Compliance”.
Key findings:
Several challenges lead to relatively slow progress of compliance:
Only 8% of companies which applied passed the review. 38 % of the survey respondent don't think that the law applies to them and more than 20% plan to fulfill their reporting obligations after the release of the “Draft Regulation" by the Cyberspace Administration of China.
Multiple application creates heavy workload for German companies:
Given that there is no restriction for each company choosing only one method of application, 42% try to make multiple compliance applications using several items.
Low transparency is the main challenge during the application process:
Half of the companies surveyed who applied see unclear regulatory requirements and the inability to keep up to date with the application progress as major concerns.
Multiple internal and external factors complicate data processing:
Vague definitions of important data (54%), unclear amount of data (50%) and heavy workload (50%) are the biggest challenges during the data processing for German companies.
Many companies are still in a wait-and-see-mode:
Two thirds of the companies that plan but have not yet started to apply think that they do not fall under the scope of the regulation and 56% wait for the release of the important data catalogue.
Companies suffer from heavy costs:
85 % of surveyed companies have already made some investment. The biggest impact of compliance with cross-border data transfer are additional compliance costs (70%) and increased communication costs & risks for communication with headquarters (57%).