The General Data Protection Regulation (GDPR) seeks to effectively uphold people’s fundamental right to personal data protection in the EU. However, consumers and organisations representing them face disproportionate hurdles when lodging complaints before data protection authorities, particularly in cases involving complaints against companies that process personal data of consumers across many EU countries. These issues range from decisions from authorities taking too long while the infringements continue unimpeded, to complainants having insufficient rights to defend their interests, and the unpredictability of authorities’ actions when they handle a case. The European Commission has proposed a Regulation to fix these problems, but it should be improved. Without these improvements, GDPR enforcement will continue to be seriously flawed, major infringers of the GDPR such as Big Tech companies will not face deterrent action, and consumers will not benefit from the protection they are entitled to.