The EU Council adopts a law to accelerate cross-border GDPR investigations.
Brussels, November 17, 2025 - The EU Council has adopted a new European law to accelerate the management of cross-border complaints regarding data protection (GDPR), a legislative package aimed at improving cooperation between national supervisory authorities. The measures adopted are intended to streamline the enforcement of GDPR in cross-border cases by simplifying administrative procedures and establishing clear deadlines.
Since the entry into force of GDPR, cross-border cases (for example, when a complainant resides in a different country than the one where the targeted company is based) have required complex cooperation between the lead supervisory authority and other national authorities, often leading to significant delays. The new law introduces several key elements to address these bottlenecks.
The new measures will harmonize the rules for the admissibility of complaints, ensuring that they are assessed based on the same criteria, regardless of where in the EU they are filed. Additionally, the law establishes clear common rules for the rights of the parties involved, clarifying the complainant's participation in the procedure and the investigated company's right to be heard and to respond to preliminary findings. To reduce bureaucracy, data protection authorities will be able to use a simplified cooperation procedure for straightforward cases.
The most important element is the introduction of clear deadlines: an investigation should not take more than 15 months. For the most complex cases, this deadline can be extended by another 12 months. In the case of a simplified cooperation procedure, the investigation should be completed within 12 months.
The adoption by the Council represents the final legislative step. The regulation will enter into force 20 days after its publication in the Official Journal of the EU and will become applicable 15 months after its entry into force.
ȘTIRI PE ACELEAȘI SUBIECTE
