A recent survey conducted by the German digital industry association Bitkom has revealed that a significant portion of German businesses are advocating for comprehensive reforms to the European Union's General Data Protection Regulation (GDPR). The findings highlight widespread concern within the business community regarding the administrative burden, legal uncertainty, and perceived obstacles to digital innovation imposed by current data protection rules.

According to the survey, which involved over 600 companies with at least 20 employees, nearly four out of five businesses support a fundamental revision of the GDPR at the European level. More than 70% of respondents favor specific relaxations of data protection requirements. Notably, 97% of the companies surveyed described the effort involved in complying with GDPR as high or very high.

Increasing Administrative Demands

The data indicates that the level of effort required for GDPR compliance has continued to rise. Approximately 69% of businesses reported an increase in data protection-related work over the past year, reflecting a growing trend observed in previous surveys. A majority of respondents--72%--believe that Germany enforces overly stringent data protection measures. This sentiment has increased compared to prior years. Furthermore, 77% of companies feel that data protection regulations are impeding the pace of digital transformation in Germany.

Key Compliance Challenges

Businesses identified several critical challenges associated with implementing GDPR. The most significant issues include the ongoing nature of compliance processes, with 86% indicating that data protection is a continual task. Additionally, 82% expressed uncertainty regarding the precise requirements set forth by the regulation. Regular assessments when introducing new digital tools and high demands related to documentation and technical implementation were also cited as main pain points.

More than half of the companies surveyed pointed to inconsistent interpretation of GDPR between EU member states and within Germany itself as problematic. A lack of practical guidance from supervisory authorities and instances of contradictory legal requirements were also frequently mentioned.

Calls for Specific Reforms

German businesses have outlined clear priorities for GDPR reform. About three-quarters support the reduction of mandatory documentation for processing activities, as well as the removal of the current consent-by-default model. Around 60% of respondents favor simplified use of pseudonymized data, more practical and accessible guidance from supervisory authorities, greater legal certainty in balancing interests, and fewer information obligations.

Over half of the surveyed companies are in favor of expanding opportunities for data processing without explicit consent and reducing the administrative effort required for mandatory data protection impact assessments. One-third would even support eliminating the requirement to appoint a dedicated data protection officer.

Criticism of Supervisory Bodies

The survey results indicate notable dissatisfaction with the role of data protection authorities. Around 69% of businesses feel that German regulators interpret GDPR too strictly. This has led to a tendency among companies to err on the side of excessive caution, with 62% admitting to implementing more comprehensive data protection measures than necessary out of concern for potential violations.

On the subject of regulatory structure, opinions are divided. A narrow majority of companies favor centralizing data protection oversight at the federal level in Germany, while a significant proportion remain opposed. Businesses generally agree, however, that improved resource allocation, clearer guidance, and more consistent enforcement across regions are needed.

Implications for Artificial Intelligence and Innovation

Concerns about GDPR's impact extend to the development and deployment of artificial intelligence (AI) technologies. A majority of companies--71%--believe that data protection regulations should be updated to reflect the specific demands of the AI era. Moreover, 63% fear that overly strict rules may drive AI innovation out of Europe, undermining the continent's position in the global digital economy.

Incidence and Consequences of Data Breaches

The survey also revealed that approximately one in four companies experienced a data protection incident within the past year. Of these, 19% reported a single incident, while 6% encountered multiple breaches. Just over half of affected businesses reported these incidents to authorities, while nearly one-third did not. The primary consequence was increased organizational workload, although some companies faced fines, loss of customers, or compensation claims.

As the debate over GDPR reform continues, the business community's call for a more practical, streamlined, and innovation-friendly approach to data protection remains a central issue in Germany's digital policy landscape.