New EFDPO Position Paper on the Reform of the GDPR Published

On 15 July 2025, the European Federation of Data Protection Officers (EFDPO) published its Position Paper on the Reform of the General Data Protection Regulation (GDPR).

With this paper, EFDPO contributes to the ongoing political and expert debate surrounding the evaluation and future development of the GDPR. Drawing on the practical experience of its members across Europe, the paper outlines key proposals to strengthen legal certainty, improve enforcement mechanisms, and ensure the continued relevance of data protection in a rapidly evolving digital landscape.

Our Core Proposals

Risk-based data protection with uniform application and practical implementation through “Privacy by Design” as a mandatory obligation for manufacturers:

• Manufacturers must share responsibility for compliance alongside the controller and the processor.
• Manufacturers may only offer products and services that can be used in a GDPR-compliant manner (“Privacy by Design”).
• This compliance must be demonstrably ensured by the manufacturer.
• Products and services must be pre-configured to be as data protection-friendly as possible (“Privacy by Default”).
• The role of the Data Protection Officer (DPO) must be expanded to relieve especially small and medium-sized enterprises (SMEs) of compliance burdens and risk management tasks.