Hamburg-based security company TeamDrive: “Security of company IT more important than data protection”

Hamburg, 16 April 2019 – Over 80 percent of the German economy has implemented the Basic Data Protection Regulation (GDPR) only inadequately or incompletely. A recent study by the Hamburg security company TeamDrive almost one year after the GDPR came into force in May 2018 has revealed this.

According to the study, which is based on a survey of 100 predominantly medium-sized companies, 20 percent of the surveyed specialists and managers are of the opinion that only half of the companies fully meet the requirements of the GDPR. A good quarter assume that only every third company fully complies with the regulations on the protection of personal data. According to one third of the respondents, only 20 percent of the companies in Germany fully comply with the basic data protection regulation, so that a review would not reveal any serious security gaps.

The TeamDrive study also suggests the conclusion that the protection of their own IT infrastructure against hacker attacks, for example, is much more important to the economy than the law-abiding observance of data protection. Only one third believes that the GDPR has made the digital world safer. More than half (52 percent) of the specialists and managers contacted answered the question “How secure are data in Germany? Not even half (44 percent) of the respondents estimate that the GDPR will significantly increase IT security. 38 percent attribute a slight contribution to strengthening IT security to the extensive data protection according to GDPR. In addition, two thirds believe that since the introduction of the GDPR about a year ago, companies have been paying more attention to IT security measures than before. However, 71 percent are of the opinion that IT security must be guaranteed above all by the state. Around 60 percent consider IT security to be a political rather than a technical problem. More than three-quarters (76 percent) of the specialists and managers surveyed by TeamDrive believe in any case that the economy will continue to invest more in IT security.

Protection of corporate IT more important than data protection

The study identifies end-to-end encryption as by far the most important measure by companies to strengthen data security. 60 percent of respondents believe that end-to-end encryption is the most effective way to ensure data security. However, more than one third (34 percent) believe that the prerequisite for this is at the same time the use of a zero-knowledge system, in which even the company’s internal computer and software systems do not know the encryption code. Almost half (48 percent) also rely on so-called two-factor authentication: each data access requires confirmation via a second device; for example, in addition to the password on the computer, a PIN confirmation via smartphone is also required.

Despite all their awareness of data protection and security, more than half of those surveyed by TeamDrive (56 percent) consider the punitive requirements introduced by the GDPR for breaches of data protection to be unreasonably high.

“Companies are willing to invest in IT security, although data protection is only one aspect among others. In return, however, business expects the state to assume its responsibility for IT security instead of overpaying companies for minor violations,” sums up Detlef Schmuck, Head of Studies and Managing Director of TeamDrive.