Skip to main content
Published date: 4 July 2023

Data protection: Commission adopts new rules to ensure stronger enforcement of the GDPR in cross-border cases (IP/23/3609 / QANDA/23/3610)

Today, the Commission proposes a new law to streamline cooperation between data protection authorities (DPAs) when enforcing the General Data Protection Regulation in cross-border cases. The new regulation will set up concrete procedural rules for the authorities when applying the GDPR in cases which affect individuals located in more than one Member State. For example, it will introduce an obligation for the lead Data Protection Authority to send a ‘summary of key issues' to their counterparts concerned, identifying the main elements of the investigation and its views on the case, and therefore allowing them to provide their views early on. The proposal will contribute to reduce disagreements and facilitate consensus among authorities since the initial stages of the process.

For individuals, the new rules will clarify what they need to submit when making a complaint and ensure that they are appropriately involved in the process. For businesses, the new rules will clarify their due process rights when a DPA investigates a potential breach of the GDPR. The rules will therefore bring swifter resolution of cases, meaning quicker remedies for individuals and more legal certainty for businesses. For data protection authorities, the new rules will smoothen cooperation and enhance efficiency of enforcement.

Harmonising procedural rules in cross-border cases

The new regulation provides detailed rules to support the smooth functioning of the cooperation and consistency mechanism established by the GDPR, harmonising rules in the following areas: