Six theories for reducing the costs of bureaucracy in Europe

13 June 2023, Munich. At the conclusion of its empirical research project, the Foundation for Family Businesses is presenting a position paper on the costs of bureaucracy in Europe. In it, the researchers from the Centre for European Policy Network (CEP) and Prognos AG argue for a change of perspective towards regulatory enforcement: How can a company in the EU be enabled to behave lawfully in the least complicated way possible? What practical measures would help to reduce the workload and make reporting obligations more manageable for companies?

At the conclusion of its empirical research project, the Foundation for Family Businesses is presenting a position paper on the costs of bureaucracy in Europe. In it, the researchers from the Centre for European Policy Network (CEP) and Prognos AG argue for a change of perspective towards regulatory enforcement: How can a company in the EU be enabled to behave lawfully in the least complicated way possible? What practical measures would help to reduce the workload and make reporting obligations more manageable for companies?

User-orientated design of digital solutions

The researchers believe that a lot could be gained in the short term if the design of digital solutions was strictly user-focused and the cost of gathering information was not so consistently high. And as for the well intentioned exemption rules, less would actually be more.

The scientists base this on conclusions from the comprehensive research project of the Foundation for Family Businesses, whose fourth and final part is being unveiled today. The project encompasses four individual investigations into the A1 certificate, the Posting of Workers Directivethe Posting of Workers Directive, the transparency register and – now – the General Data Protection Regulation (GDPR).

Easy to create standard templates with tick boxes

The GDPR, a set of standards comprising 99 articles and 173 explanatory recitals, has been in force for exactly five years. The latest study finds that it is extremely time-consuming for companies operating internationally to comply with the different requirements in the individual member states in detail and to determine the right course of action in each case. This even though harmonisation of the required disclosures and working with tick boxes in set templates would be very easy to realise.

Based on a large number of interviews, the empirical study conducted by CEP and Prognos examines four EU member states: Germany, France, Italy and Austria, looking into regulatory complexity and the economic cost in business practice.

Unclear definitions of processing activity and data breach

By way of example, the researchers considered the administrative effort resulting from the obligation to keep “records of processing activities” (Article 30 GDPR) containing the purposes of processing, the type of data, data transfers to third parties or time limits for erasure.

But what exactly is a processing activity? To what extent is abstraction allowed? Austria and Italy largely leave companies on their own when it comes to a definition. Which activities have to be listed at what level of detail, and with what additional information? The answer to that differs from country to country. In some cases, no guidance is provided at all – or the guidance is not consistently clear. Advice from the respective data protection authorities also varies hugely.

Time-saving online solutions desired for the entire EU

Companies are similarly lost in terms of “notifications of a personal data breach” (Article 33 GDPR). Here, the range of information each country asks for is subtly different, sometimes more, sometimes less than what is required by the Regulation. Companies in France face a particularly burdensome task. They cannot save their entries during the reporting procedure, meaning that every change will take them back to the beginning. The companies surveyed want standardised, time-saving online solutions throughout the EU.

Prof. Kirchdörfer, Executive Board member of the Foundation for Family Businesses: “Family businesses have always advocated responsible handling of sensitive data. But this has to be possible without excessive red tape. Each country, and even each federal state, wants to make its mark here, turning data protection into a burden, driving up costs unnecessarily and making our companies less competitive.”