Regulation (EU) 2025/2518 on Additional GDPR Enforcement Procedures Published
The European Parliament and the Council have officially published Regulation (EU) 2025/2518, which establishes additional procedural rules for enforcing the General Data Protection Regulation (GDPR) in cross-border cases. These rules focus on the handling of complaints and the conduct of investigations by supervisory authorities when processing personal data across EU member states. The regulation aims to improve cooperation and efficiency among authorities to ensure consistent enforcement of the GDPR.
Under the new regulation, supervisory authorities must handle proceedings efficiently and work closely together. They are allowed to join or split cases as long as this does not affect the rights of complainants or the parties under investigation. Complainants are required to communicate only with the authority where they initially lodged their complaint. Every complaint must lead to a decision that can be reviewed by a court, and authorities may limit the length of submissions to speed up the process.
The regulation also outlines the necessary information for lodging a complaint and introduces an early resolution procedure. Chapter III focuses on cooperation procedures between supervisory authorities, as set out in Article 60 of the GDPR. Further, Chapter IV details the information to be included in administrative and cooperation files and the handling of confidential information. Chapter V specifies procedures for resolving disputes under Article 65 of the GDPR.
Finally, Chapter VI introduces an urgency procedure under Article 66(2) of the GDPR, which must be initiated no later than four weeks before the expiry of provisional measures adopted under Article 66(1). This procedure ensures timely action in urgent cases involving data protection violations. Overall, Regulation (EU) 2025/2518 strengthens the procedural framework for GDPR enforcement in cross-border situations, promoting greater clarity and cooperation among EU authorities.
