On June 16, 2025, the European Union's GDPR procedural regulation was officially agreed upon during final negotiations held in Strasbourg.

This new law is designed to enhance the efficiency and speed of cross-border enforcement of the EU's data protection regulations.

Among the key provisions are established deadlines for completing investigations, which had been a major point of contention during the negotiations.

Under the new agreement, decisions by the lead supervisory authority must be finalized within 15 months, although a 12-month extension is available for more complex cases.

The implications of this agreement are significant for major tech companies such as Meta, Google, and Microsoft, as well as for European startups, all of which will be impacted by these new rules.