The European Parliament has approved a new Regulation to fix ongoing problems in how cross-border data protection cases are handled across the European Union. The decision, finalized on 21 October 2025, aims to make investigations faster, clearer, and more consistent for both citizens and businesses.
When the GDPR was introduced, it created a “one-stop-shop” system for cases involving more than one Member State. However, this system has often faced delays due to different national procedures, unclear timelines, and disagreements between data protection authorities. These challenges have affected high-profile cases, especially those involving large technology companies.
The new Regulation introduces several improvements. Data protection authorities will now follow fixed deadlines at each stage of a cross-border case. Complaint forms will be standardized across the EU, making it easier for people to file complaints in any Member State. Authorities must also agree early on the scope of an investigation to avoid late disputes.
To increase fairness, the Regulation strengthens the rights of individuals and companies involved in these procedures. They will have clearer opportunities to present their views and access relevant information. Major decisions will also require public summaries, improving transparency and public trust.
For businesses, these changes offer more predictability and reduce the risk of sudden enforcement surprises across different countries. For citizens, the reforms promise quicker results and a more reliable application of their data protection rights.
These new rules do not change the core principles of the GDPR. Instead, they support the existing system by guiding how authorities should cooperate in complex, cross-border cases. The Regulation is expected to take effect in 2026 after publication in the EU’s Official Journal.
Reference
1. New GDPR procedural rules for cross-border cases
2. https://www.europarl.europa.eu/doceo/document/TA-10-2025-0238_EN.html
