+359 878 685 304

The new GDPR rules: What changes for users and businesses in 2025

GDPR changes 2025: What follows for businesses and users

Learn how the new procedural changes to GDPR will affect websites, platforms, and users. What is expected and how can you prepare?

The new GDPR rules: What changes for users and businesses in 2025

What practically changes if the new procedural rules to GDPR are adopted

GDPR is already seven years old. The problem? In practice, it works slowly, and cross-border cases can drag on for years.
To remove procedural obstacles, the EU is preparing changes to the regulation that do not change the fundamental rights, but clarify how regulators work on complaints and violations.

This is not a "new GDPR", but a "procedural supplement" that unifies the work of all supervisory authorities (Data Protection Authorities – DPAs) in the EU.

Make the most important thing happen this year - Train employees to work with personal data with our course "GDPR Course: Regulation for the Protection of Personal Data" 

But what does this mean in the real world – both for users and for website and app owners?

What will change for users

1. Faster handling of complaints

Today, cross-border cases often get stuck in a dead end because countries disagree about which authority is competent and when a complaint is "admissible".

The change:

  • clear deadlines

  • uniform criteria for acceptance/rejection

  • fewer bureaucratic blockages between countries

➡️ For users, this means a faster response and more predictability.

2. Clearer rights when submitting a complaint

Currently, different countries respond differently: in some places contact is easy and digital, elsewhere – silence.

The change:

  • standard notification rules

  • an obligation for regulators to provide specific feedback

  • less "silent refusal"

➡️ Users will know what is happening with their case.

3. More transparency and the right to be heard

The proposed regulation introduces a clearer framework for when the complainant can be heard and informed.

➡️ More transparency = more trust in the process.

4. It does not change GDPR rights

Important:

  • right of access

  • right to erasure

  • right to be forgotten

  • right to portability

  • right to object

They remain the same.
What changes is how the procedure works, not the principles.

What will change for website, web app, and platform creators

1. Clearer expectations from regulators

When regulation is unclear, business is under constant stress. The new regulation harmonizes the procedure in the EU.

➡️ Fewer "surprises" during an inspection
➡️ Clearer "best practices"
➡️ Easier predictability

2. Faster clarification of cases

If a website or app is accused of a violation, the process will no longer drag on for years.

➡️ Businesses will know sooner whether they need to change processes, cookies, consent, etc.

3. Lower risk of "regulatory shopping"

Companies now often register their headquarters in a "more convenient" country in order to have a more lenient regulator.

The new rules close this loophole – all authorities will have to work according to the same procedure.

➡️ Companies will need to maintain a higher and consistent standard everywhere.

4. Stricter admissibility criteria for complaints

There is a debate here.

The risk (according to critics):

  • too strict criteria could limit people's right to file complaints

  • regulators could reject complaints for formal reasons

The benefit for business:

  • fewer unfounded or "template" complaints

  • clearer parameters for when a complaint is valid

➡️ This is the sweet spot between protecting rights and preventing abuse.

What does this mean for developers

  1. Stricter documentation of data flows

  2. Better control over cross-border processes

  3. Clearer expectations for handling requests

  4. Need for internal coordination (legal team + technical team)

  5. Proper UI/UX decisions for consent, settings, cookies, profiles

➡️ GDPR remains a technological challenge – but procedurally it becomes clearer.

What does this mean for platforms

  • faster resolution of cases

  • better monitoring of violations

  • lower risk of "regulatory chaos"

  • greater documentation requirements

  • more expectations for transparency

 

Proposal of the European Commission (04.07.2023)
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023PC0341

Joint opinion EDPB/EDPS 01/2023
https://edpb.europa.eu/system/files/2023-10/2023-09-19_jointopinion_01-2023_proceduralrules_en.pdf

Council general approach (13.06.2024)
https://data.consilium.europa.eu/doc/document/ST-10504-2024-INIT/en/pdf 

Press release on the political agreement (16.06.2025)
https://www.consilium.europa.eu/en/press/press-releases/2025/06/16/ai-gdpr-procedural-regulation/

Make the most important thing happen this year - Train employees to work with personal data with our course "GDPR Course: Regulation for the Protection of Personal Data" 

Related Articles