The European General Data Protection Regulation (GDPR) has been much discussed recently, primarily because the penalties for data breaches will be raised exorbitantly from May 25, 2018. Offenses against the GDPR are punished with fines which, depending on the type of offense, amount to 10 m or 20 m, or 2% or 4% of the international group revenue of the last year. The healthcare sector is particularly affected by the GDPR: a substantial part of its data processing activities concerns personal health data, which is covered by Article 9 GDPR as “special categories of personal data”. Fulfilling the GDPR requirements therefore poses many technical and organizational challenges. This is no easy task, considering that the healthcare sector is under constant cost pressure and that legal uncertainty complicates the issue. This study draws attention to these challenges and to the question of whether companies are focused only on avoiding penalties or whether they can find additional opportunities in GDPR compliance. It further examines whether a monetary assessment of the benefits of these opportunities was conducted, and whether costs and benefits were compared in a profitability assessment. These questions were analyzed in an empirical study with seven experts, whose interviews were examined using methods of qualitative content analysis. The outcome shows that companies have focused on avoiding penalties and have not yet identified any additional opportunities. In practice, no monetary assessments of the benefits and no profitability assessments have been conducted regarding GDPR compliance.