In a significant milestone for EU data governance, the Council of the European Union and the European Parliament reached a provisional agreement on the long-awaited GDPR procedural regulation, aiming to improve the handling of cross-border data protection complaints and speed up enforcement.
The regulation will enhance cooperation between national data protection authorities (DPAs) and streamline administrative procedures under the General Data Protection Regulation (GDPR), in force since 2018. Krzysztof Gawkowski, Poland’s Deputy Prime Minister for Digital Affairs, hailed the agreement as "a big step towards improving cooperation between national data protection bodies when they enforce citizens' rights."
Key Features of the New Regulation
1. Harmonized Admissibility Criteria
The regulation introduces standardized rules for determining the admissibility of cross-border complaints across all EU member states. This ensures consistency in how complaints are assessed, regardless of where they are filed.
2. Rights of Complainants and Investigated Parties
Both complainants and organizations under investigation will benefit from clearer procedural rights. The complainant must be informed and allowed to be heard if their case is rejected. Likewise, companies under investigation will have the right to respond to preliminary findings before any final decision is made.
3. Binding Deadlines for Investigations
New deadlines aim to speed up investigations:
- 15 months for regular cases (extendable by 12 months for complex ones)
- 12 months for simple cooperation procedures.
This will help prevent drawn-out investigations that have been a key criticism of the current system.
4. Early Resolution Mechanism
An early resolution process will allow DPAs to resolve complaints swiftly if the issue has been addressed and the complainant agrees, avoiding the need for full cooperation procedures.
5. Simple Cooperation Procedure
The regulation introduces a "simple cooperation" pathway for less contentious cases. This will reduce administrative burden and facilitate faster resolutions when broad coordination between authorities is not needed.
Why It Matters
The regulation addresses one of the most persistent challenges in GDPR enforcement: the slow and fragmented handling of cross-border complaints. By clarifying roles, harmonizing processes, and introducing firm deadlines, the EU aims to improve legal certainty for businesses and ensure citizens' rights are enforced more efficiently.
This is particularly relevant for FEBIS members, many of whom operate in multi-jurisdictional data environments. The simplification and acceleration of cross-border GDPR complaint handling will be key in enhancing transparency and predictability for business information providers and their clients.
Next Steps
The regulation will now undergo formal adoption by both the Council and the European Parliament. Once adopted, it will enter into force across the EU, marking a new phase in the operationalization of the GDPR.
Press release: Data protection: Council and European Parliament reach deal to make cross-border GDPR enforcement work better for citizens - Consilium
Source: MLex
Write a comment