![European American Chamber of Commerce New York [EACCNY] | Your Partner for Transatlantic Business Resources](https://eaccny.com/wp-content/uploads/2020/06/eaccny-logo.png){kind=logo}
Today the Council adopted new rules to improve cooperation between national data protection bodies when they enforce the General Data Protection Regulation (GDPR) in order to speed up the process of handling cross-border data protection complaints.
The measures adopted will streamline administrative procedures relating to, for instance, the rights of complainants or the admissibility of cases, and thus make enforcement of the GDPR in cross-border cases more efficient.
Main elements of the new EU regulations
• Admissibility: The requirements for the admissibility of cross-border action – the decision if a complaint meets the conditions for being investigated – will be harmonised. Regardless of where in the EU a complaint is filed, admissibility will be judged on the basis of the same information.
• Rights of complainants and parties under investigation: Common rules will apply for the involvement of the complainant in the procedure, the right to be heard for the company or organisation that is being investigated as well as the right to receive the preliminary findings in order to express their views on it.
• Simple cooperation procedure: For straightforward cases data protection authorities can decide, in order to avoid administrative burden, to settle actions without resorting to the full set of cooperation rules.
• Deadlines: In the future an investigation should not take more than 15 months. For the most complex cases this deadline can be extended by 12 months. In the case of a simple cooperation procedure between national data protection bodies, the investigation should be wrapped up within 12 months.
Next steps
Today’s adoption by the Council is the final legislative step. The regulation will enter into force 20 days after its publication in the Official Journal of the EU. It will become applicable 15 months after its entry into force.
Background
The GDPR has put in place a system of cooperation between national data protection bodies. Those authorities, which are responsible for enforcing the GDPR, are obliged to cooperate when a data protection case concerns cross-border processing. This is the case, for instance, when the complainant resides in a member state other than that of the company under investigation.
In such cross-border cases, a single national authority will take on the role of lead authority in the investigation, but is required to cooperate with its counterparts in other member states.
Compliments of the Council of the European Union