LINARI LAW

Data protection reform: EU to streamline cross-border GDPR enforcement

The GDPR, in force since May 25, 2018, is the cornerstone of data protection across the European Union. It established a unified framework for the protection of personal data and created mechanisms for cooperation between national data protection authorities when handling cross-border cases—situations where individuals in one member state are affected by data processing activities based in another. In such cases, one national authority leads the investigation, while others must be consulted and involved.

The Council of the EU and the European Parliament have reached a provisional agreement on a new regulation aimed at improving how these authorities work together.

The new law introduces several procedural and administrative improvements that will make enforcement of the GDPR faster, more consistent, and more transparent for citizens and organizations alike.

One of the most impactful changes is the harmonization of admissibility criteria for cross-border complaints. Under the new rules, a complaint filed anywhere in the EU will be assessed using the same standards.

The regulation also strengthens procedural rights. Complainants will have the right to be heard if their complaint is rejected, and clear rules will govern their involvement throughout the process. At the same time, companies or organizations under investigation will be given access to the preliminary findings before a final decision is taken, allowing them to provide comments and ensure a fair hearing.

To improve efficiency, strict deadlines have been introduced. Investigations must generally be completed within 15 months, with a possible 12-month extension for particularly complex cases. Simpler cooperation procedures—where coordination between authorities is minimal—should be resolved within 12 months.

An early resolution mechanism has been added to further speed up the handling of straightforward cases.

The agreement also provides tools to improve cooperation between authorities. For instance, lead authorities must now share a summary of key issues early in the process to help other data protection bodies align their views and avoid protracted disagreements. In straightforward situations, a simplified cooperation procedure may be applied, allowing national authorities to bypass the full procedural framework while still respecting fundamental rights and enforcement obligations.

The provisional agreement still requires formal approval by both the Council and the European Parliament before it enters into force.

Please feel free to reach out to our team to discuss your projects.

PREVIOUS NEXT

Related posts

Browse All

Luxembourg’s new defence finance role: a catalyst for investment funds and private capital

Luxembourg has been selected to host the European hub of the Defence, Security and Resilience Bank (DSRB), reinforcing its role as a leading international financial centre. The new institution will mobilise public and private capital to finance defence, security and resilience projects across NATO allies. The initiative is expected to…

Luxembourg modernises insolvency proceedings: Electronic filing of court documents approved by Parliament

On 7 July 2026, the Luxembourg Parliament adopted Bill No. 8735, introducing electronic filing for key documents in insolvency and judicial reorganisation proceedings. The reform permits writs of summons, appeals and applications to be submitted electronically to the competent court registry. Where statutory deadlines apply, filings may be made until…

The EU Pay Transparency Directive: a new compliance imperative for Luxembourg employers

The EU Pay Transparency Directive introduces significant new equal-pay and remuneration transparency obligations for employers across the European Union. Luxembourg must transpose the Directive into national law, although the legislative process remained pending as of late June 2026. Employers will need to provide greater transparency during recruitment, respond to employee…

Sustainability 2.0 in Luxembourg: CSRD, CSDDD, and the next compliance wave

The Omnibus I Directive significantly reshapes the EU sustainability framework by narrowing the scope of the CSRD and CSDDD. Luxembourg companies should reassess whether they remain in scope and prepare for revised reporting and due diligence timelines. Businesses must strengthen governance, internal controls, and cross-functional coordination to meet future compliance…

Right to disconnect: Key compliance considerations for employers in Luxembourg

The right to disconnect framework in Luxembourg becomes subject to administrative enforcement by the Labour Inspectorate (ITM) from 1 July 2026. Employers whose staff use digital tools for work must implement a documented framework protecting rest periods and work-life balance. The law allows flexibility, enabling organisations to adapt measures to…

ECB raises interest rates: implications for businesses and investors in Luxembourg

The European Central Bank has raised its key interest rates to 2.25% in response to renewed inflationary pressures across the euro area. The increase is expected to affect financing costs, investment strategies, asset valuations and transaction structures for Luxembourg businesses and investors. Companies should review financing arrangements, covenant compliance and…
Browse All

A LEGACY OF LAW. A FUTURE OF INNOVATION.
25 years of legal excellence – the journey continues.

Contact Info

+352 27 11 60 10

UP