Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

EU: Commission proposes new procedural regulation for stronger GDPR enforcement in cross-border cases

The European Commission proposed, on July 4, 2023, a new regulation to support the effectiveness and efficiency of enforcement of the General Data Protection Regulation (GDPR) in cross-border cases, by streamlining cooperation between data protection authorities (DPAs) and by harmonizing some aspects of their administrative procedures in cross-border cases. The Commission also released a Q&A page on the proposed regulation, which does not affect any substantial elements of the GDPR.


More in detail, the proposed regulation aims to set up concrete procedural rules for the DPAs when applying the GDPR in cases that affect individuals located in more than one Member State, thus smoothening cooperation and enhancing the efficiency of enforcement. In this regard, the Q&A page clarifies that the proposed regulation does not seek to change the 'one-stop-shop' system under the GDPR. Specifically, the Q&A page details that the proposed regulation would introduce additional steps in the cooperation between DPAs to facilitate early consensus-building and to reduce disagreements later in the process which would require the use of the dispute resolution mechanism under the GDPR.

Individuals and businesses

In addition, the proposed regulation clarifies what individuals need to submit when making a complaint, and provides for their appropriate involvement in the process. To illustrate, the proposed regulation would harmonize the elements which must be provided by complainants in cross-border cases. In turn, the proposed regulation aims to define businesses' due process rights when a DPA investigates a potential breach of the GDPR.

You can read the announcement here, the Q&A page here, and the proposed regulation here.