How Stricter Data Protection Regulations Impact Innovation in Firms


40 per cent of all firms in Germany state that the General Data Protection Regulation of the European Union has had an impact on their innovation activities.

40 per cent of all firms in Germany state that the General Data Protection Regulation of the European Union has had an impact on their innovation activities. Firms reacted by increasingly introducing incremental – step-by-step – innovations instead of radical innovations.

In May 2018, the EU General Data Protection Regulation (GDPR) came into force with the aim of giving consumers more control over their personal data. The GDPR applies to all firms within the EU; naturally, firms that operate large digital platforms have been particularly affected. The EU is thus taking a pioneering role in consumer data protection.

Until now, little was known about whether increased data protection influences entrepreneurial innovation behaviour. ZEW Mannheim investigated this together with the Technical University of Berlin for the period since the GDPR came into force. The study focused on the question of what kind of innovation is promoted or hindered by the regulation and how it has affected different types of firms. This was done on the basis of the Mannheim Innovation Panel (MIP), a representative innovation survey on innovation behaviour in the German economy (manufacturing and business-oriented services), which ZEW has conducted annually since 1993.

Call for Papers

The Impact of the EU General Data Protection Regulation on Innovation in Firms

GDPR does not affect the innovation activity of all firms

A look at the data shows that 40 per cent of the firms state that they are affected by the GDPR. The majority of them (35 per cent) say that the GDPR has made innovation more difficult. For 5 per cent of the firms, the GDPR has made innovation easier. The authors found that especially for firms with more than 1,000 employees the GDPR has impeded innovation. In contrast, the share of firms for which the regulation facilitated innovation was highest among firms with 500 to 999 employees.

Interestingly, the financial services and insurance sector has the highest share of firms whose innovations are negatively affected by the GDPR (59 per cent), while at the same time the share of firms whose innovations are made somewhat easier by the GDPR is also very high at 11 per cent. Financial service providers and insurers deal with a large amount of data, which could explain why the regulation is perceived as restrictive. However, trust, reputation and cybersecurity are also essential for the smooth functioning of financial services, which in turn explains the positive reactions to the GDPR.

Other sectors with a high proportion of firms that see the GDPR as an obstacle to innovation are printing and publishing, broadcasting and film (48 per cent) and consulting and advertising (43 per cent). In contrast, the sector with the highest proportion of firms that perceive the GDPR as favouring innovation is information and telecommunication services (15 per cent).

Innovations shift away from market novelties

As the empirical analysis shows, innovation activity has shifted after the GDPR came into force, away from market novelties towards incremental, step-by-step innovations that mean an improvement of an already existing product or service of a firm. This is true for all firms whose innovation activity has been affected by data regulation, whether for better or worse.

Among the firms whose innovations were hampered by the GDPR, the turnover share of products with incremental innovations, i.e. which were only new to the firm but not to the market, increased by 0.9 percentage points. The turnover share of market novelties fell by 0.6 percentage points.

Among the firms whose innovations, on the other hand, were boosted by the GDPR, the turnover share of products with incremental innovations increased by 3.3 percentage points, while the turnover share with market novelties decreased by 1.5 percentage points. In this group, small and young firms in particular benefited from the implementation of the GDPR.

The GDPR made it necessary for many firms to make adjustments to existing products and services in order to comply with the new regulation. Some firms took this opportunity to make innovative yet rather marginal changes to their products and services. At the same time, these adjustments consumed resources for innovation activities that were lacking for the development of actual new products (market novelties). In addition, some firms may have refrained from implementing radical innovations because they wanted to wait and see how the GDPR would be applied in practice.

Study sees need for further research

The authors of the study see a need for further research in future. Since the GDPR only came into force in 2018, the analysis by ZEW and TU Berlin only covers a very short period of time, namely the years 2018 to 2020. Therefore, only statements on the short-term effects of the data protection regulation can be made. How innovation behaviour will develop in future should be examined more closely in the following years.