European Union: Council and European Parliament reached an agreement on Regulation laying down additional procedural rules relating to the enforcement of GDPR

On 16 June 2025, the Council of the European Union and the European Parliament reached an agreement on the proposal for a regulation laying down additional procedural rules relating to the enforcement of the General Data Protection Regulation (GDPR). The proposed regulation aims to harmonise the criteria for assessing the admissibility of cross-border complaints and clarifies the rights of complainants and entities under investigation. The regulation establishes the same admissibility standards no matter where in the EU the GDPR complaint was filed. Both complainants and companies involved will have the right to be heard at specific stages of the investigation and will receive preliminary findings to express their views before a final decision is issued. The regulation will also guarantee complainants access to relevant procedural information and files. To prevent delays, the new regulation introduces binding deadlines. Investigations must be completed within 15 months, with a possible 12-month extension for complex cases. Simpler cases resolved through cooperation between national authorities are subject to a 12-month deadline. The agreement includes a simplified cooperation mechanism to handle straightforward cases efficiently, allowing authorities to avoid unnecessary administrative burdens. It also provides for early resolution of complaints when the infringement has been addressed, and the complainant does not object. Finally, the lead authority will be required to share summaries early in the process, helping build consensus and ensuring all involved data protection bodies can respond in a timely, informed manner.