EUR-Lex-link: Adopted and published version, including other language versions, can be found here.
Full name: Regulation (EU) 2025/2518 of the European Parliament and of the Council of 26 November 2025 laying down additional procedural rules on the enforcement of Regulation (EU) 2016/679
Type: Regulation.
Objective:
To standardise and streamline the procedural handling of cross-border GDPR cases by national Data Protection Authorities (DPAs)
To improve efficiency, predictability, and cooperation between DPAs through structured procedures, clearer roles, and defined timelines
To strengthen procedural safeguards and legal certainty for complainants and parties under investigation, including rights to be heard, access to files, and effective judicial remedies
To ensure more consistent and effective enforcement of the GDPR across the EU.
Relevant to: All controllers and processors involved in the processing of personal data within the scope of the GDPR, as well as individuals whose personal data are processed.
Status: Adopted. Enters into force 1 January 2026, applies from 2 April 2027.
Earlier versions:
The Commission’s legislative proposal, available here. Text, adopted by the Parliament is available here. The EDPB and the EDPS also adopted a Joint Opinion on the Proposal on 21 September 2023, read here.
(Last updated 12 December 2025)
Previous article
Next article