This website uses cookies to store information on your computer. Some of these cookies are used for visitor analysis, others are essential to making our site function properly and improve the user experience. By using this site, you consent to the placement of these cookies. Click Accept to consent and dismiss this message or Deny to leave this website. Read our Privacy Statement for more.
Print Page | Contact Us | Report Abuse | Sign In | Register
News & Press: Miscellaneous

EU Lawmakers Announce Deal on Cross-Border GDPR Enforcement Procedures

25 July 2025   (0 Comments)

On 16 June 2025, the Council of the European Union and the European Parliament announced a provisional agreement on the long-awaited GDPR Procedural Regulation – a key legislation aiming at harmonizing cooperation between EU Member State data protection authorities in cross-border enforcement cases. This agreement marks a near-final step in the EU’s legislative effort to formalize consistent procedural rules for the operation of the GDPR’s cooperation and consistency framework.

The Procedural Regulation would supplement the General Data Protection Regulation (GDPR) by harmonizing procedural rules that apply when an investigation by a Data Protection Authority (DPA) involves processing activities affecting individuals in more than one EU Member State (i.e., cross-border processing).

The GDPR’s cooperation and consistency framework

The GDPR’s One-Stop-Shop mechanism (under Art. 56 GDPR) is designed to streamline supervision of cross-border data processing. When a controller or processor operates in multiple EU Member States, or when its processing activities substantially affect individuals in more than one EU Member State, a single Lead Supervisory Authority (LSA) – typically located where the controller or processor has its main establishment – is designated to lead the investigation.

The LSA coordinates with other Concerned Supervisory Authorities (CSAs) under Art. 60 GDPR, sharing information, consulting on draft decisions, and resolving disagreements. If consensus cannot be reached, the matter may be referred to the European Data Protection Board (EDPB) under the consistency mechanism set out in Art. 63 to 65 GDPR. The EDPB may issue binding decisions to ensure uniform application of the GDPR across the EU.

While the framework is intended to reduce administrative burdens and promote consistent enforcement, the European Commission (EC) has noted that inconsistent application by DPAs, fragmented national procedures, and limited resourcing have hindered its effectiveness in cross-border cases.

Procedural history of the provisional agreement

The legislative process began with the EC’s proposal in July 2023, which entered the EU’s ordinary legislative procedure requiring agreement between the European Parliament and the Council. The Parliament adopted its position in April 2024, followed by the Council’s general approach in June 2024.

Interinstitutional negotiations (so called “trilogue”) between the Parliament, Council, and EC commenced thereafter and concluded on 16 June 2025 with a provisional political agreement reached under the Polish Presidency of the Council.

Key elements of the provisional agreement

The final text of the Procedural Regulation will be published following formal adoption by the Parliament and Council. However, based on official announcements (see Council’s announcement and Parliament’s announcement), the provisional agreement includes the following core elements ...

Read the full article in The Compliance Digest!

« Back to Index

 

Connect