Privacy & Information Security Law Blog

On July 4, 2023, the European Commission proposed a new Regulation for additional procedural rules relating to the enforcement of the GDPR (the “GDPR Enforcement Regulation”). With the GDPR Enforcement Regulation, the European Commission aims to make the handling of cross-border data protection cases more efficient by harmonizing certain administrative procedures and elaborating existing rules on cooperation between EU Supervisory Authorities.

In light of this, the GDPR Enforcement Regulation proposes to:

• Harmonize the information that data subjects must provide to lodge a complaint regarding cross-border processing and harmonize the rules for acceptance or rejection of the complaint.
• Introduce the possibility of resolving complaints through an amicable settlement (though Supervisory Authorities may still proceed with an investigation ex officio).
• Harmonize the rights of the parties under investigation (i.e., controllers or processors), particularly the right to express their view in the context of the dispute resolution mechanism established by Article 65 of the GDPR.
• Introduce EU-wide rules on access to the administrative file and protection of confidential information by the parties under investigation.

Based on the current text, the GDPR Enforcement Regulation would enter into force on the 20th day following its publication in the Official Journal of the European Union, and would apply to (1) ex officio investigations opened after this date; (2) complaint-based investigations where the complaint was lodged after this date and; (3) all cases submitted to dispute resolution under Article 65 of the GDPR after this date.

The GDPR Enforcement Regulation will now be submitted to both the European Parliament and the Council of Ministers to be negotiated and voted on.

Read the European Commission’s Proposal.