ZVEI – Prohibition principle of the GDPR no longer suitable for data-driven economy

  • Five years of the General Data Protection Regulation: comprehensive legislative reform needed
  • Support data-based innovations, don’t block them


“The categorical prohibition principle of the GDPR in its current form no longer suits a modern, data-driven economy. This is especially true in connection with the future EU Data Act, which is intended to accelerate data processing and data exchange,” says Wolfgang Weber, Chairman of the ZVEI Board of Directors, commenting on the General Data Protection Regulation (GDPR), which came into force exactly five years ago.


The GDPR was intended to strengthen the protection of personal data and the individual’s right to informational self-determination. In addition, unequal conditions of competition were to be dissolved and a level playing field in terms of data protection law was to be created for all EU market participants.

In practical application, however, the GDPR does not fully meet the goal of establishing uniform data protection regulations and more legal certainty in the EU. Not least for this reason, the ZVEI is calling for a fundamental reform of the law in order to resolve the existing legal uncertainties and remove obstacles to innovation for companies.

“Legal certainty must finally be created, especially in the area of international data transfer. Court-proof adequacy decisions with non-EU states and the use of binding internal data protection rules, so-called Binding Corporate Rules (BCR), for companies must be made possible.”


In addition, the ZVEI calls for clearer regulations that more strongly support the use of data by anonymising personal data, for example in the form of legal definitions and more options for processing pseudonymised data. Especially in areas with a high level of data exchange such as medical technology or the energy sector with smart meters, this would lead to real added value.

For the data-driven electrical and digital industry, the exchange and use of data is essential to bring new technologies and innovations to the market.

“The cooperation of national supervisory authorities must be fundamentally improved and made more efficient in order to speed up procedures. Only in this way can we quickly put their decisions into practice,” Weber points out another current weakness in the uniform enforcement of the GDPR.

EMR Analysis


More information on ZVEI: See the full profile on EMR Executive Services

More information on Wolfgang Weber (Chairman of the Executive Board, ZVEI): See the full profile on EMR Executive Services

More information on Dr. Gunther Kegel (President, ZVEI): See the full profile on EMR Executive Services


More information on The General Data Protection Regulation (GDPR): https://gdpr.eu/ + The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).


More information on The EU Data Act: https://www.eu-data-act.com/ + The European Data Act makes more data available for use, and sets up rules on who can use and access what data for which purposes across all economic sectors in the EU.

According to Article 1, Subject matter and scope (proposal 23.2.2022):

1. This Regulation lays down harmonised rules on making data generated by the use of a product or related service available to the user of that product or service, on the making data available by data holders to data recipients, and on the making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest:

2.This Regulation applies to:

  • (a) manufacturers of products and suppliers of related services placed on the market in the Union and the users of such products or services;
  • (b) data holders that make data available to data recipients in the Union;
  • (c) data recipients in the Union to whom data are made available;
  • (d) public sector bodies and Union institutions, agencies or bodies that request data holders to make data available where there is an exceptional need to that data for the performance of a task carried out in the public interest and the data holders that provide those data in response to such request;
  • (e) providers of data processing services offering such services to customers in the Union.


More information on Binding Corporate Rules (BCR): https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en#:~:text=Binding%20corporate%20rules%20(BCR)%20are,group%20of%20undertakings%20or%20enterprises. + Binding corporate rules (BCR) are data protection policies adhered to by companies established in the EU for transfers of personal data outside the EU within a group of undertakings or enterprises. Such rules must include all general data protection principles and enforceable rights to ensure appropriate safeguards for data transfers. They must be legally binding and enforced by every member concerned of the group.

More information on The European Union: https://european-union.europa.eu/index_en + The European Union’s institutional set-up is unique and its decision-making system is constantly evolving. The 7 European institutions, 7 EU bodies and over 30 decentralised agencies are spread across the EU. They work together to address the common interests of the EU and European people.

In terms of administration, there are a further 20 EU agencies and organisations which carry out specific legal functions and 4 interinstitutional services which support the institutions.

All of these establishments have specific roles – from developing EU laws and policy-making to implementing policies and working on specialist areas, such as health, medicine, transport and the environment.

There are 4 main decision-making institutions which lead the EU’s administration. These institutions collectively provide the EU with policy direction and play different roles in the law-making process:

  • the European Parliament (Brussels/Strasbourg/Luxembourg)
  • the European Council (Brussels)
  • the Council of the European Union (Brussels/Luxembourg)
  • the European Commission (Brussels/Luxembourg/Representations across the EU)

Their work is complemented by other institutions and bodies, which include:

  • the Court of Justice of the European Union (Luxembourg)
  • the European Central Bank (Frankfurt)
  • the European Court of Auditors (Luxembourg)

The EU institutions and bodies cooperate extensively with the network of EU agencies and organisations across the European Union. The primary function of these bodies and agencies is to translate policies into realities on the ground.

Around 60,000 EU civil servants and other staff serve the 450 million Europeans (and countless others around the world).

Currently, 27 countries are part of the EU: https://european-union.europa.eu/principles-countries-history/country-profiles_en

More information on The European Commission: https://ec.europa.eu/info/index_en + The Commission helps to shape the EU’s overall strategy, proposes new EU laws and policies, monitors their implementation and manages the EU budget. It also plays a significant role in supporting international development and delivering aid.

The Commission is steered by a group of 27 Commissioners, known as ‘the college’. Together they take decisions on the Commission’s political and strategic direction.

A new college of Commissioners is appointed every 5 years.

The Commission is organised into policy departments, known as Directorates-General (DGs), which are responsible for different policy areas. DGs develop, implement and manage EU policy, law, and funding programmes. In addition, service departments deal with particular administrative issues. Executive agencies manage programmes set up by the Commission.

Principal roles in law: The Commission proposes and implements laws which are in keeping with the objectives of the EU treaties. It encourages input from business and citizens in the law-making process and ensures laws are correctly implemented, evaluated and updated when needed.

More information on Ursula von der Leyen (President, The European Commission): https://ec.europa.eu/commission/commissioners/2019-2024/president_en + https://www.linkedin.com/in/ursula-von-der-leyen/