The new law introduces several procedural and administrative improvements that will make enforcement of the GDPR faster, more consistent, and more transparent for citizens and organizations alike.

One of the most impactful changes is the harmonization of admissibility criteria for cross-border complaints. Under the new rules, a complaint filed anywhere in the EU will be assessed using the same standards.

The regulation also strengthens procedural rights. Complainants will have the right to be heard if their complaint is rejected, and clear rules will govern their involvement throughout the process. At the same time, companies or organizations under investigation will be given access to the preliminary findings before a final decision is taken, allowing them to provide comments and ensure a fair hearing.

To improve efficiency, strict deadlines have been introduced. Investigations must generally be completed within 15 months, with a possible 12-month extension for particularly complex cases. Simpler cooperation procedures—where coordination between authorities is minimal—should be resolved within 12 months.

An early resolution mechanism has been added to further speed up the handling of straightforward cases.

The agreement also provides tools to improve cooperation between authorities. For instance, lead authorities must now share a summary of key issues early in the process to help other data protection bodies align their views and avoid protracted disagreements. In straightforward situations, a simplified cooperation procedure may be applied, allowing national authorities to bypass the full procedural framework while still respecting fundamental rights and enforcement obligations.

The provisional agreement still requires formal approval by both the Council and the European Parliament before it enters into force.

Please feel free to reach out to our team to discuss your projects.