Menu
Spacious, empty auditorium with semicircular seating facing a central podium. Multiple rows of black chairs and desks. High, illuminated ceiling with white panels. Flags visible behind the podium, indicating an international setting. Large digital screen centered above.

MEPs back new procedures for faster GDPR cross-border enforcement

, , , ,

The European Parliament approved new rules to accelerate cross-border enforcement of the General Data Protection Regulation and clarify procedures and rights for national data protection authorities. The law specifies time limits for investigations led by a lead supervisory authority: investigations must conclude and a draft decision be submitted within 15 months, with a possible single extension of up to 12 months when complexity requires it. A simplified cooperation procedure shortens the timeframe to 12 months for cases with clear scope, no objections from other authorities, and where the lead authority has prior similar experience; national rules may allow further extension when subsequent domestic procedures are required.

The regulation promotes early consensus-building among national authorities and introduces an early resolution procedure for cases where an authority shows the infringement has stopped and the complainant does not object within four weeks. Complainants’ procedural rights are strengthened: they will have an opportunity to be heard before a decision is taken and will gain improved access to information about cross-border investigations. Member states may choose to provide even broader access rights beyond the minimums set by the new rules.

Rapporteur Markéta Gregorová (Greens/EFA, CZ) stated the regulation addresses long-standing enforcement issues in cross-border GDPR cases by setting clear deadlines, encouraging early consensus, and improving procedural fairness for both complainants and companies. The aim is to make the fundamental right to privacy easier to enforce across EU Member States by ensuring more timely and transparent cooperation between independent national data protection authorities.

The law must still be formally adopted by the Council. After Council approval and publication in the EU Official Journal, it will enter into force 20 days later and apply from 15 months after entry into force. The GDPR, applicable since 25 May 2018, remains the foundation for harmonised data protection rights and free flow of personal data in the EU, while public enforcement continues to rely on independent national data protection authorities cooperating on cross-border cases.

  • Save

Related Posts

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Copy link
CopyCopied