The European Commission proposed, on July 4, 2023, a new regulation to support the effectiveness and efficiency of enforcement of the General Data Protection Regulation (GDPR) in cross-border cases, by streamlining cooperation between data protection authorities (DPAs) and by harmonizing some aspects of their administrative procedures in cross-border cases. The Commission also released a Q&A page on the proposed regulation, which does not affect any substantial elements of the GDPR.

DPAs

More in detail, the proposed regulation aims to set up concrete procedural rules for the DPAs when applying the GDPR in cases that affect individuals located in more than one Member State, thus smoothening cooperation and enhancing the efficiency of enforcement. In this regard, the Q&A page clarifies that the proposed regulation does not seek to change the 'one-stop-shop' system under the GDPR. Specifically, the Q&A page details that the proposed regulation would introduce additional steps in the cooperation between DPAs to facilitate early consensus-building and to reduce disagreements later in the process which would require the use of the dispute resolution mechanism under the GDPR.

Individuals and businesses

In addition, the proposed regulation clarifies what individuals need to submit when making a complaint, and provides for their appropriate involvement in the process. To illustrate, the proposed regulation would harmonize the elements which must be provided by complainants in cross-border cases. In turn, the proposed regulation aims to define businesses' due process rights when a DPA investigates a potential breach of the GDPR.

You can read the announcement here, the Q&A page here, and the proposed regulation here.