German businesses are escalating pressure for a reform of the European General Data Protection Regulation (GDPR), according to a recent survey by the Bitkom, the German IT industry association. The findings reveal a widespread discontent with the current legal framework, with a significant majority advocating for both a fundamental revision and lessening of its restrictive nature.
The survey, conducted among 603 German companies with over 20 employees, highlights a growing sense of overburdening. A staggering 79% of businesses are now urging the German government to actively promote GDPR reform at the European level, while 71% believe the regulation needs to be relaxed. Businesses report a constant and never-ending pressure to adhere to the rules, citing uncertainty surrounding specific requirements and the need for repeated system reviews as key challenges.
The perception that Germany is overstepping when it comes to data protection is becoming increasingly prevalent, rising from 64% a year ago to 72%. Critically, 77% of companies now believe GDPR is actively hindering digitalization efforts within Germany, a figure which has also seen a noticeable increase from 70% last year.
Beyond the regulatory burden itself, businesses are struggling with the practical application of GDPR. Internal challenges include the significant time commitment required for IT and system overhauls, the difficulty of communicating complex requirements to employees and a persistent shortage of qualified personnel to implement data protection measures. Financial constraints and a lack of support from within the company are also factors contributing to the problem.
The most desired changes primarily revolve around easing the regulatory load. A clear majority are calling for a reduction in documentation requirements concerning processing activities (76%), the abolition of the “permission-mandatory” approach (73%) and simplified utilization of pseudonymized data (63%). Furthermore, businesses advocate for mandatory, practical guidance from supervisory authorities (62%), improved legal clarity when balancing interests (61%), fewer information obligations (60%) and even the ability to process more data without explicit consent (54%).
The survey also casts a critical eye on the performance of Germany’s data protection authorities. A majority (69%) believe they apply GDPR too stringently, fostering a climate of overcaution where companies err on the side of excessive data security simply to avoid penalties. This perceived rigidity has led to 62% of businesses acknowledging they are proactively overstepping when it comes to data protection. Additionally, there’s cautious support for centralizing federal data protection oversight.
The survey’s findings are underscored by the reality of data protection breaches, with approximately one quarter of companies acknowledging such incidents in the past year. Most companies have reported these breaches to authorities, but the consequences – often including significant organizational effort and financial penalties – are impacting operational efficiency and, in some cases, leading to customer attrition and reputational damage.
The findings from Bitkom Research underscore a brewing crisis: a regulation intended to safeguard individual data is, in many cases, stifling innovation and placing unsustainable burdens on German businesses, prompting a growing chorus of calls for comprehensive reform and a recalibration of the GDPR’s implementation.
