Category: Publications

The GDPR Procedural Regulation – New Chapter in GDPR Enforcement

The Regulation (EU) 2025/2518 laying down additional procedural rules on the enforcement of Regulation (EU) 2016/679 (hereby referred to as the “Regulation) entered into force on the 1st of January 2026, and will become effectively applicable starting from 2 April 2027. The Regulation introduces a new set of procedural rules governing the enforcement of the Regulation (EU) 2016/679 (the “GDPR“) in cases involving cross-border data processing activities.

 The GDPR establishes a system in which a single lead supervisory authority oversees cross-border processing through the “one-stop-shop” mechanism. In practice, however, this model has frequently been undermined by diverging national procedural rules, leading to delays and legal uncertainty. Against this backdrop, the new Regulation seeks to overcome these structural shortcomings by streamlining procedures and strengthening the effectiveness of cross-border enforcement.

Briefly, this Regulation is purely procedural, given that it seeks to reinforce the procedural framework for GDPR enforcement in cross-border cases, while enhancing clarity and cooperation among EU authorities when handling such matters. It is also important to note that the obligations under the GDPR, including the criteria for fines (as set out in Article 83 GDPR), remain unchanged; the Regulation solely introduces stricter deadlines, harmonised complaint requirements, and strengthened defence rights for data subjects and relevant organisations.

The key developments brought by the Regulation can be divided into three major areas, respectively:

 I. Harmonisation & Unification of the rules for the admissibility of complaints

 While, under the GDPR, the requirements for filing a complaint have so far varied significantly from one Member State to another, the new Regulation introduces certain significant novelties. In this respect, the Regulation puts an end to this fragmented approach, and establishes strict and uniform requirements for the admissibility of cross-border complaints.

For example, from now on, a complaint will only be admissible if it contains specific information, such as: (i) the complainant’s contact details; (ii) information facilitating the identification of the data controller or the data processor subject of the complaint; as well as (iii) a specific description of the alleged infringement of the GDPR’s provisions.

Why is this important in practice? The legal wording appears to set out an exhaustive list of admissibility requirements. As a result, no additional information may be requested beyond what is expressly required by the Regulation for a complaint to be considered admissible by the supervisory authority.

II. Introduction of stricter deadlines for authorities & Speeding up the processes

 Under the GDPR, there were no binding deadlines for concluding cross-border investigations, allowing cases to remain unresolved for several years. The Regulation introduces stricter deadlines for supervisory authorities and efficiency mechanisms, such as:

The Early Resolution stage: Article 5 of the Regulation establishes a procedure for early resolution of complaints related to cross-border data processing under the GDPR, specifically when the complaint concerns data subject rights, in accordance with Chapter III of the GDPR. In essence, Article 5 allows supervisory authorities to close cross-border complaints quickly when the issue has already been remedied, while preserving the complainant’s right to object and the authorities’ enforcement powers.
New deadline for issuing decisions: the lead supervisory authority (”LSA”) must, in principle, submit a draft decision within 15 months of confirmation of its competence, under the provisions of Article 60 (3) GDPR. This period may be extended only once, for a maximum period of 12 months, and in exceptional cases.
The “Anti-Bureaucracy” Clause: in cases where the LSA can form a preliminary view on the main issues in an investigation, which does not raise reasonable doubts, the LSA may resort to the Simple Cooperation Procedure, as set out in Article 6 of the Regulation, to streamline the process.

Failure to comply with the deadlines set out by the Regulation does not, in itself, invalidate procedural steps or final decisions. However, observance of these time limits could be relevant in assessing whether a supervisory authority has failed to act in handling a complaint, which may entitle the entitled parties to seek an effective judicial remedy under Article 78 GDPR.

III. Strengthening the rights of defence

The Regulation significantly strengthens procedural guarantees for controllers and processors under investigation, by establishing the so-called “right to be heard”. Thus, the focus is on the right to be heard before a final decision is made; thus, a decision issued by an LSA seems to be now more precisely “scratched“, as follows:

Outlining Preliminary findings: in case the LSA intends to establish an infringement, it must first draw up “preliminary findings” concerning the respective infringement. This document must contain all the facts, evidence, and legal assessment, as well as the corrective measures (such as fines) that are being considered (Article 19 of the Regulation).
Exercising the right to be heard: after notification of the preliminary findings, the party under investigation is given a minimum of three and a maximum of six weeks to respond in writing (Article 20 of the Regulation).
Adoption of the final decision: if, after the draft decision is shared under Article 60(3) GDPR, no supervisory authority raises an objection within the applicable time limits provided by the Regulation, the LSA must, within one month: (i) adopt the final decision under Article 60(7) or Article 60(9) GDPR; and (ii) notify that decision to the controller’s or processor’s main or single establishment, as applicable. (Article 21 of the Regulation)
Right to access the administrative file: parties under investigation are now expressly granted the right to access the administrative file, subject to the protection of trade secrets and confidential information and the right to receive preliminary findings setting out the alleged infringements and the corrective measure the LSA considers using (Article 24 of the Regulation). The administrative file includes all documents and evidence gathered by the lead and concerned supervisory authorities, whether inculpatory or exculpatory. It excludes internal communications within a supervisory authority.

 Conclusion

The Regulation marks a new step in the evolution and strengthening of GDPR enforcement, further refining how the GDPR is applied in practice, from a procedural point of view. While it enhances legal certainty for organisations, it also requires increased legal agility due to stricter and shorter deadlines for responding to allegations.

Having said that, the Regulation replaces fragmented national rules with a unified, time-bound framework, ensuring more efficient, predictable, and transparent GDPR enforcement across the entire European Union.

bpv Huegel advises ISS Austria on the acquisition of the family-owned Franye group

19 December 2025. bpv Huegel advised ISS Austria, which is part of the international ISS Group and the domestic market leader for facility services, on the acquisition of the Austrian Franye group. Focusing on air conditioning and building technology, the group generated revenues of around EUR 25 million in the 2024 financial year and employs approximately 150 people.

A bpv Huegel team led by Thomas Lettau (Partner and Co-Head of the Corporate/M&A department) conducted the legal due diligence for ISS Austria. The team also assisted with structuring the transaction and negotiations, prepared the transaction documents, and advised on the merger control aspects of the transaction.

bpv Huegel regularly advises ISS Austria on M&A transactions, most recently on the acquisition of med-serv gmbh, a company specialising in infrastructural facility management in healthcare facilities.

Press release

bpv Huegel expands its Corporate/M&A and Private Equity practice with Michal Dobrowolski as new partner

Michal Dobrowolski (45) has about 20 years of transaction experience in M&A and private equity. bpv Huegel continues its strong, dynamic growth in M&A and private equity with this team expansion.

Vienna, 04 December 2025. bpv Huegel will strengthen its Corporate/M&A and Private Equity practice from January 2026 with the addition of Michal Dobrowolski. With Michal, the firm gains an experienced M&A and private equity specialist from Freshfields. He brings in-depth experience in significant and complex international M&A and private equity transactions, as well as venture capital investments.

His expertise also includes transactions in the US, Asia and Africa, with a primary focus on Europe (DACH) and CEE. Michal’s practice covers all major industries, with a particular focus on private equity, the energy and telecoms sector, as well as real estate and carve-out transactions.

His arrival underscores bpv Huegel’s strategic positioning as one of the leading firms for high-profile national and international transactions.

Michal brings tremendous transactional strength and an international focus as seasoned advisor. With him on board, we are consistently continuing our highly dynamic growth in M&A and private equity,” says Christoph Nauer, Co-Managing Partner of bpv Huegel.

bpv Huegel is a transaction powerhouse with a unique offering in tax and antitrust/merger control, which are of particular relevance to transactions. I look forward to working with the team to further expand its international focus,” adds new Partner Michal Dobrowolski.

Michal Dobrowolski holds a doctorate (Dr. iur.) from the University of Vienna. He is admitted to practice in Austria (since 2009) and as a solicitor (England & Wales) (since 2022/23). Michal Dobrowolski is the author of various publications on corporate law matters.

He advises in German, English and French as well as Polish (second native language), a valuable skill for his transactional work in CEE. Michal Dobrowolski worked at Freshfields in Vienna, about 20 years (since 2006), including over 10 years as counsel.

Press release

bpv Huegel advises NÖM AG on strategic partnership with Vorarlberg Milch

The law firm bpv Huegel provided comprehensive support to NÖM AG during its merger with Vorarlberg Milch.

26 August 2025. As part of the transaction, NÖM AG is acquiring the production facility of Vorarlberg Milch GmbH in Feldkirch, which will be managed as part of the NÖM Group in future. At the same time, Vorarlberg Milch eGen is acquiring a direct 3% stake in NÖM AG and will be represented on the Supervisory Board.

The transaction has already been approved by the Federal Competition Authority. The majority shares in NÖM AG remain unchanged with Raiffeisen-Holding NÖ-Wien reg. Gen via Niederösterreichische Milch Holding GmbH and with MGN Milchgenossenschaft Niederösterreich reg. Gen.

bpv Huegel was responsible for structuring the transaction, conducting due diligence, drafting and negotiating the agreements, and handling the merger control proceedings.

The partnership between NÖM AG and Vorarlberg Milch represents a significant step forward for the Austrian dairy industry. We are pleased to have supported NÖM AG in this strategic development,” said Christoph Nauer, Co-Managing Partner at bpv Huegel.

Press release

bpv Huegel advises CPI Europe on the sale of the Vienna Marriott Hotel

The international sales process for the renowned Vienna Marriott Hotel at Parkring Vienna has been successfully completed with its acquisition by an international consortium of investors.

Vienna, 01 July 2025. bpv Huegel provided comprehensive advice to CPI Europe group (S IMMO) on the sale of the Vienna Marriott Hotel to an international consortium of investors. As part of its strategic realignment, CPI Europe is selling the property at Parkring 12a and the hotel business.

The transaction was implemented through share deals and involves the iconic Viennese hotel property, a large-scale, mixed-use inner-city property, as well as the hotel operating company. The transaction value amounts to over EUR 100 million. The closing for the sale of the real estate companies took place on 27 June 2025. The closing for the hotel operating company is scheduled for January 2026.

The buyer is a joint venture between Evientro Ltd and London-based Landfair European Dislocated Opportunities SCSp, which specializes in liquidity solutions in the European real estate market.

Almost exactly 40 years after its opening on 1 July 1985, one of Vienna’s most famous hotels is changing owners. The hotel, with over 300 rooms and suites, was the first Marriott hotel in the German-speaking region. The hotel will continue to be operated by Marriott International under a long-term management agreement.

The transaction is one of the most significant hotel sales in Vienna in recent years. We are proud to be supporting CPI Europe on this complex real estate and corporate transaction,” said Christoph Nauer, partner at bpv Huegel and co-lead on the transaction.

bpv Huegel’s advisory services covered the international bidding process, complex corporate structuring, drafting and negotiation of transaction agreements, and tax issues. The bpv Huegel team was jointly led by Christoph Nauer (Corporate/M&A), Dominik Geyer (Real Estate) and Roland Juill (Corporate/M&A), and included Nicolas Wolski (Tax Law), Paul Pfeifenberger (Real Estate, Labor Law), Patrick Nutz-Fallheier (Corporate/M&A), Tim Pasternak (Corporate/M&A) and Gerhard Fussenegger (Antitrust Law).

The buyer’s advisors included SAXINGER (lead counsel to the buyer joint venture), AKELA (co-counsel for acquisition financing on the buyer side), Binder Grösswang (merger control on the buyer side), DLA Piper (legal advisor to the buyer in Germany and Luxembourg), Wolf Theiss (legal advisor to the financing bank, UniCredit Bank Austria AG) and BDO Austria (tax law buyer), which also advised on valuation issues relating to the transaction.

The transaction was facilitated by hotel real estate specialist Christie & Co, who acted as advisor and exclusive broker.

Press release

bpv Huegel advises RWA on the sale of its share in AUSTRIA JUICE to AGRANA

Vienna, 03 June 2025. bpv Huegel successfully advised RWA Raiffeisen Ware Austria Aktiengesellschaft (RWA) on the sale of its share in AUSTRIA JUICE GmbH to AGRANA Beteiligungs-Aktiengesellschaft.

AGRANA already holds a share in AUSTRIA JUICE and will hold 100% in the company following the acquisition of RWA’s share in AUSTRIA JUICE. AUSTRIA JUICE is a major manufacturer of fruit juice concentrates with headquarters in Kroellendorf (Lower Austria) and 13 production sites in Austria, Germany, Hungary, Poland, Romania, Ukraine, and China. The company employs around 1,000 people in total. Its turnover amounts to around EUR 330 million.

bpv Huegel already advised RWA on the establishment of the joint venture with AGRANA in 2012.

“We are proud to have been at RWA’s side from the founding of the AUSTRIA JUICE joint venture until its exit more than 13 years later,” said Thomas Lettau, partner and co-head of the Corporate/M&A practice group at bpv Huegel.

The bpv Huegel team was led by Thomas Lettau and also included Christoph Nauer, Nicolas Wolski, Anna Zirkler, Astrid Ablasser-Neuhuber and Gerhard Fussenegger.

AGRANA was advised by Schoenherr.

The transaction is subject to approval by the relevant competition and investment control authorities.

Press release

bpv Huegel advises RWA eGEN on acquisition financing for the purchase of shares in RWA AG

RWA eGen completes the purchase of shares in RWA AG from BayWa AG. The acquisition financing was structured and provided by Raiffeisen Bank International AG.

16 May 2025. bpv Huegel advised RWA Raiffeisen Ware Austria Handel und Vermögensverwaltung eGen (RWA eGen) and its acquisition holding on the completion of the approximately 47.53% share purchase in RWA Raiffeisen Ware Austria Aktiengesellschaft (RWA AG) and the acquisition financing from Raiffeisen Bank International AG (RBI). The share purchase with BayWa Aktiengesellschaft (BayWa AG) was completed on 2 May 2025. The purchase price amounts to EUR 176 million. The share purchase agreement was concluded at the end of last year.

The acquisition financing was structured and provided by Raiffeisen Bank International AG (RBI). With the completion of the purchase, the control over RWA AG is now fully held by RWA eGen in Austria.

We are proud that we were able to successfully support RWA in this strategically important acquisition and financing and would like to thank all the teams involved in the transaction for their excellent cooperation,” says Christoph Nauer, the partner who led the transaction.

RWA AG is a producer, service provider and trader in the business areas of agriculture, technology, energy, building materials and home & garden. As the umbrella organisation of the Lagerhaus cooperatives in Austria, RWA AG provides them with a comprehensive range of services in the aforementioned areas. In addition, RWA AG holds a large number of participations and subsidiaries in Austria and in selected Eastern European countries. RWA eGen also holds the majority of shares in Raiffeisen Agrar Invest AG, which is the second-largest shareholder in BayWa AG with a stake of around 28.3%.

The bpv Huegel team led by partners Christoph Nauer (Corporate/M&A, Capital Markets) and Ingo Braun (Financing & Regulatory), included Barbara Valente (Financing & Regulatory, Corporate/M&A), Daniel Maurer (Financing & Regulatory, Corporate/M&A), Patrick Nutz-Fallheier (Corporate/M&A), Roland Juill (Corporate/M&A) and Johannes Mitterecker (Corporate/M&A). The merger control and investment control proceedings in seven countries were handled by a team led by partner Astrid Ablasser-Neuhuber (Merger Control/FDI) with Stefan Holzweber and Philipp Stengg (both Merger Control).

RWA eGen was advised on German law by FPS Rechtsanwälte, Frankfurt (Daniel Herper). BayWa AG was represented by a team from Jones Day, Munich (Maximilian P. Krause, Alexander Ballmann, Jürgen Beninca and Sebastian Schwab).

RBI, as the structuring and financing bank, was advised by a team from Schoenherr comprising Martin Ebner, Christian Cacic, Gabriel Ebner, Viktoria Carranza-Berg and Kristina Petz.

Press release

bpv Huegel: Johannes Mitterecker becomes partner

bpv Huegel is delighted to appoint Johannes Mitterecker as a partner. He works in the Corporate Law/M&A practice group and specialises in M&A transactions, restructuring and sports law.

15 May 2025. bpv Huegel appoints DDr. Johannes Mitterecker, LL.M., as a new partner with effect from May 2025. Johannes Mitterecker is an experienced transaction lawyer who joined bpv Huegel in 2021, specialising in corporate law, private equity and venture capital funds. He also provides corporate and regulatory advice to alternative investment funds, investment and venture capital funds, family offices and investment firms.

Furthermore, he is establishing an interdisciplinary sports law practice group at bpv Huegel.

Johannes Mitterecker is the editor and author of numerous publications on corporate, capital market and sports law, including groundbreaking publications such as the comprehensive commentary on the Alternative Investment Fund Managers Act (AIFMG) and practical handbooks on sports law and shareholder disputes.

Johannes Mitterecker holds doctoral degrees from the University of Vienna and the Vienna University of Economics and Business, as well as an LL.M. from Columbia University in New York. He is also admitted to the New York State Bar.

Christoph Nauer, Co-Managing Partner of bpv Huegel, congratulates the new partner: “We are delighted to welcome Johannes to our partnership and look forward to continuing the growth of the firm with him, delivering top-quality services in high-end transaction advisory.

Press release