GDPR: New rules aim to streamline cross-border enforcement

New EU rules aim to streamline GDPR enforcement, promising faster, more predictable cross-border cases. Though advocates say this strengthens the one-stop-shop model, our concerns over regulatory overreach remain strong

The key points: The EU has provisionally agreed new rules to make cross-border GDPR enforcement more consistent and efficient. The reforms introduce standard criteria for investigating complaints, fixed deadlines for investigations, and structured cooperation between data protection authorities. Advocates say this strengthens the one-stop-shop model, though concerns remain about regulatory overreach.

Why this matters: For companies operating in multiple EU countries, these changes promise greater predictability, faster case resolution, and less confusion. However, stricter enforcement could increase compliance risks if not managed carefully.

What might happen next: The new rules will be formally adopted and implemented, with data protection authorities adjusting their procedures. Businesses can expect clearer timelines and more transparency in investigations but should watch for any shifts in enforcement intensity.

What you should be doing: Monitor guidance from your lead data protection authority and be prepared for more structured cross-border cooperation

ADDITIONAL INFORMATION:

See this Hogan Lovells note on this development.