GDPR at the last minute?

Based on a current data collection from our company index on April 30, 2018, only 10,775 companies from Germany have modified their data protection declaration in response to the new General Data Protection Regulation (GDPR). The evaluation indicates that micro-enterprises in particular are struggling to implement the more extensive requirements. Companies with business models in which data and data exchange play a critical role take advantage of the opportunity to proactively adapt their data protection.

About Implisense: The Berlin-based start-up Implisense is one of Germany’s leading providers in the field of B2B lead generation. Our text mining procedures analyze online content for all companies listed in the commercial register and located in Germany. The data obtained are assigned to the companies as structured characteristics and thus enable to identify, evaluate and observe potential business partners, customers or competitors from a new perspective.

Develop data protection declaration in the team

The General Data Protection Regulation is approaching and putting pressure on many companies. Serious penalties linked to company turnover are imminent. At the same time, the new requirements, for example in the areas of documentation, data security and transparency, should not be underestimated. It is not uncommon for managing directors, authorised signatories or data protection officers to sit in front of never-ending checklists, create biblically-sized documentations, and finally make a revised data protection declaration of often far more than 10 pages available.

After all, the fair use of personal data by the private sector is an issue that society and legislation must constantly keep up with in times of drastically developing information technologies.

Analysis of companies with a GDPR updated privacy policy

Against this background, Implisense has investigated how many companies are highly likely to have already addressed this issue and updated their data protection agreements. For this purpose, we have calculated the distribution of relevant signal words – such as the direct reference to the now applicable European Directive, synonyms (e.g. GDPR, General Data Protection Regulation and the German term DSGVO), and typical formulations – on company websites. The occurrence of the indications was then faceted with a view to other company characteristics, such as industry affiliation and size, in order to identify the associated characteristics.

Only one of 50 companies has adapted the data protection declaration

Even if the possible additional costs of implementing the new regulation are taken into account, the result is surprisingly clear. Our analysis suggests that only 10,775 companies have references to an adapted data protection declaration. This is all the more remarkable with a total of approximately 593,337 active companies registered in the commercial register and with sufficient data. This corresponds to approx. 1.8% or 1 of 50 companies.

A potential aspect can already be anticipated when looking at the distribution of these companies over the size of the company. Smaller companies in particular are struggling with the new requirements. For example, we estimate that micro-enterprises account for around 69% of the total. For companies with GDPR references, this shrinks to 61%. Large enterprises, on the other hand, are almost twice as often represented as in the total volume at 3%. The following graph compares the size distribution of companies in the population (left) with the estimated distribution of companies with updated data protection declaration (right).

Graph GDPR adapted data protection declaration according to company size and distribution of all companies according to size
Overall distribution by company size (left) and GDPR update by company size (right)

The potential link between company size and data protection update suggests that certain industries and business models could also be more strongly associated with it. The graph below shows industries that are disproportionately frequently represented in the hits (top 20 in order; WZ 2008) and their absolute number of hits.

Graphic GDPR Data protection declaration distribution by industry
Number of companies with GDPR updated privacy policy by industry.

The IT sector, for example, is most over-represented (J62). With 2,732 hits, these also account for the bulk of companies with an updated data protection declaration. Other sectors with data- and communication-intensive business models dominate the list, e.g. IT service providers (J63), the retail sector (G46, G47), lawyers (M69), financial service providers (K64) and consulting firms (M70). So if companies have updated their data protection, it is probably only because an extreme amount of data is generated on the basis of their business model. Slightly unexpectedly, the crafts (F43), electrical engineering (C26) and metal production (C25), as well as the education sector (P85) are to be found in it.

Exemplary hits on companies with updated data protection declaration from a greatly simplified analysis can be viewed directly on our platform Companies and Markets:

Sample hits GDPR in trade

Sample hits GDPR in electrical engineering

Sample hits GDPR in education

Sample hits GDPR in metal production

The lists of example companies for example quickly show that companies from the education sector often offer training measures in the field of DGPR and are therefore assigned to this topic.

For further exploration of these sub-segments, we invite you to test Implisense Pro free of charge. The filter and search criteria used for the analysis, such as segmentation by size, as well as the entire hit lists can be viewed and further narrowed down using additional criteria, e.g. region. Test the functionality here.


Our small analysis to identify companies that have already dealt with the GDPR is based on probabilistic methods and is therefore not necessarily representative. It covers companies that are only highly likely to have already done their homework on the General Data Protection Regulation.

It can also be further refined. As the example of training providers in the field of GDPR shows, e.g. by excluding certain sectors from the analysis. Finally, it does not necessarily state that existing data protection policies at companies that were not in the hit list are not already professionally designed and may only need to be formally adapted. In our opinion, the effects of these restrictions cannot call into question the basic findings of the evaluation.

Only a fraction of companies in Germany are finally prepared for the General Data Protection Regulation a few weeks before the implementation deadline expires. There is evidence that micro-enterprises in particular find it more difficult to ensure implementation. If so, then companies with particularly data-intensive and communication-intensive business models tend to implement the new data protection regulations. The question is, what business models in the age of digitization can still afford not to work with data to an appropriate extent?

What is your company’s position regarding the implementation of the GDPR? How many of your competitors already have visible indications of the implementation of the new amendment on your website? Our freely-searchable platform Companies and Markets is available here to help you assess these further questions.

New in Implisense Pro: Persons, corporate purposes, improved visual appearance

We are proud to present some news in our Software-as-a-Service solution Implisense Pro:

Integration of current persons in more than one million companies

Implisense Pro is Germany’s first customer search engine with built-in recommendation function for the next B2B customers. From now on, recommendations will also be made for people in the target companies. Discover more than a million people who are allowed to trade on behalf of companies and, if applicable, appear publicly on the company website with a management function. By linking to the LinkedIn and Xing search, you can easily check who is involved in new orders or requests.

Useful questions are: Which persons should you know by name and, if necessary, name in the conversation, since they may decide on the budget? Who is expected to sign the bills? Who is responsible for your topic at the target company?

Corporate purposes

Our customers greatly appreciate the opportunity to segment companies based on established industry codes. However, many of them find that they sometimes deviate from the company’s own activities. In the past, credit agencies used to classify industries in a mostly manual process. This is expensive and prone to errors. We have therefore spent several months researching a new solution to automatically classify companies at any time based on their self-formulated business activities in the official corporate purpose as well as on the analysis of the company’s websites. And this again at any time as soon as the data changes. In this technical blog post we have provided further explanations for interested persons.

Your advantage: Up-to-date revisions of the industry codes of all companies, a compact understanding of the company’s activities for the customer dialogue

Improved visual appearance

In the coming weeks and months, we would also like to offer you improvements in appearance and user guidance. The first step in this direction has now been taken. The most noticeable aspect is that there is only one “home”page, which you can reach from everywhere by clicking on the Implisense logo in the upper left corner. The functionality of the home and list pages that existed before was too similar in our opinion, so we combined them for you. The search function is now available above the recommendation. We have also made the colour scheme more friendly.

Are you interested? Then simply request a free trial access for 14 days here.
Do you already have an account? Then log in here to test the new features.