Businesses cannot operate without international data transfers
- Two thirds transfer personal data to countries outside the EU
- Cloud services, communication and support are the main reasons
- Three quarters are calling on policymakers to provide legal certainty
Berlin, 9 January 2026 – Whether cloud platforms, video conferencing and collaboration tools or round-the-clock support: the vast majority of companies in Germany (62 per cent) transfer personal data to countries outside the EU. Almost half (45 per cent) transfer data to external service providers, 41 per cent to business partners for joint purposes, and 19 per cent to subsidiaries or other group entities. At the same time, 78 per cent are calling on policymakers to provide legal certainty for international data transfers. These are the findings of a survey of 603 companies with 20 or more employees conducted on behalf of the digital association Bitkom. “International data transfers are indispensable for a global economy. At the same time, the often unclear legal situation is creating uncertainty for many companies,” says Susanne Dehmel, member of Bitkom’s executive management.
Almost all companies that transfer personal data to non-EU countries do so in order to access cloud services (96 per cent) or communication and video conferencing systems (90 per cent). Two thirds (66 per cent) use global service providers, for example for 24/7 security support. Around one third (38 per cent) use services for billing or database management that involve transferring data to countries outside the EU. Thirty-one per cent have company locations outside the EU, and 18 per cent work with partners outside the EU, for example in research and development.
Doing without the processing of personal data outside the EU would have serious consequences for companies. Three quarters (75 per cent) would face immediate cost increases, 71 per cent competitive disadvantages compared to companies from non-EU countries, and two thirds (66 per cent) warn that global supply chains would no longer function. Fifty-seven per cent would no longer be able to offer certain products or services, while 25 per cent could do so only at a lower level of quality. Half (50 per cent) fear the end of their global security support. Twenty-nine per cent would have to restructure their group-wide data processing, and 23 per cent would fall behind in the competition for innovation. Not a single company sees none of these consequences. “The debate on data transfers is not about which software to use. An end to international data transfers would have immediate and massive consequences for the competitiveness of the German economy,” says Dehmel.
Data most frequently flow to the United States. Sixty-one per cent of companies that transfer personal data to non-EU countries transfer it to the US. The most commonly used legal basis for this are so-called Standard Contractual Clauses (80 per cent), followed by Binding Corporate Rules (23 per cent), the EU–US Data Privacy Framework (21 per cent) and consent (12 per cent). Nineteen per cent state that they are currently still adjusting their data transfers or discussing how to deal with the discontinuation of previous arrangements. After the United States, the United Kingdom is the second most important destination for data transfers at 43 per cent, followed by India (24 per cent), Japan (13 per cent), China (12 per cent), Ukraine (7 per cent), Turkey (6 per cent) and South Korea (5 per cent). No company transfers data to Russia.
