From the list of issues, we have derived sixteen “core concepts”, which can provide solutions via high-level principles and rules.

Ideally, these concepts should be abstract enough to capture many problems, with a simple rule or principle that can be included in various provisions throughout the new Regulation.

When developing these principles, we have actively considered existing mechanisms in EU law, such as instruments in procedural rules, which seem to have many common features with GDPR procedures.

Concept 16: Defining GDPR terminology, legal assumptions and deadlines

Many elements of the GDPR are not defined, such as “mutual assistance”, “rejection”, or the “dismissal” of a case. The new Regulation could increase legal certainty when applying the GDPR, by using the same wording as the GDPR but also defining these words in detail. The GDPR has certain elements that may have definitions that are too strict or turned out to be hard to prove, like the “main establishment” in Article 4(16) “cross-border processing” in Article 4(23), “substantially affected” in Articles 4(22)(b) and 56(2) or “relevant and reasoned objection” in Article 4(24) GDPR. These elements could be adapted by adding legal assumptions (e.g. that an objection is ‘relevant’ or that the named establishment is the ‘main establishment’) as well as short deadlines to raise objections to such assumptions. Such an approach limits the need to investigate each matter and creates legal certainly, while still allowing parties to raise matters when they consider them to be crucial.


  • Increased legal certainty.


  • GDPR terminology would be defined in a separate Regulation, requiring the parallel reading of the two Regulations. However, as this would only concern procedural matters and a small group of people is concerned with these matters, the impact would be limited.