EDPB Work Programme 2026-2027
EDPB Work Programme 2026–2027 Adopted on 11 February 2026 EDPB Work Programme 2026-2027 2 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body established by the General Data Protection Regulation (GDPR). The EDPB has the following main tasks: • Issuing opinions, guidelines, recommendations and best practices to promote a common understanding of the GDPR and the Law Enforcement Directive (LED); • Advising the European Commission on any…
How it connects
Related across sources
Full text
EDPB Work Programme 2026–2027 Adopted on 11 February 2026 EDPB Work Programme 2026-2027 2 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body established by the General Data Protection Regulation (GDPR). The EDPB has the following main tasks: • Issuing opinions, guidelines, recommendations and best practices to promote a common understanding of the GDPR and the Law Enforcement Directive (LED); • Advising the European Commission on any issue related to the protection of personal data in the Union; • Contributing to the consistent application of the GDPR, particularly in cross-border data protection cases; and • Promoting cooperation and the effective exchange of information and best practices between national supervisory authorities. The EDPB has developed a new work programme for 2026-2027 1 , the second to implement the EDPB Strategy for 2024-2027 2 . The Work Programme is based on the priorities set out in the EDPB Strategy, and the needs identified by the members as most important for stakeholders. The current work programme also takes into account the commitments made by the EDPB in its Helsinki Statement on enhanced clarity, support and engagement 3 , including on the intention to strengthen dialogue with stakeholders and facilitate compliance. 1 In line with the Article 29 of the EDPB Rules of Procedure. 2 https:/ /www.edpb.europa.eu/system/files/2024-04/edpb_strategy_2024-2027_en.pdf . 3 Helsinki Statement on enhanced clarity, support and engagement. A fundamental rights approach to innovation and competitiveness, adopted on 2 July 2025. EDPB Work Programme 2026-2027 3 The EDPB will continue to provide timely, concise, practical and clear guidance that is accessible to the relevant audience. In addition, the EDPB will develop and promote tools for a wider audience and produce content accessible to non-experts, SMEs and individuals, including particularly vulnerable data subjects such as children. The EDPB will continue to support the development of compliance measures, including through proactive and early engagement with stakeholders. The EDPB will also continue to support public authorities with guidance addressing the particular challenges they face and will assess how personal data are accessed and used by them for law-enforcement purposes. Pillar I Enhancing harmonisation and promoting compliance Developing further guidance on key issues and concepts of EU data protection law , taking into account the practical experience of stakeholders as gathered through stakeholder events and consultation. This guidance will cover a number of topics, including: 1 • Guidelines on anonymisation • Guidelines on pseudonymisation* • Guidelines on legitimate interest* • Guidelines on children’s data • Guidelines on “consent or pay” models • Guidelines on the processing of data for scientific research purposes • Guidelines on data subject rights under the LED – right of access • Targeted update of the DPO Guidelines • Recommendations on the legal basis for requiring the creation of user accounts on e-commerce websites* • Possible follow-up on the implications of the Judgment of the Court of Justice of the European Union (CJEU) on Passenger Names Records (PNR) 4 4 CJEU judgment of 21 June 2022 C-817/19, Ligue des droits humains, regarding the implementation of the Directive (EU) 2016/681 on the use of PNR in Member States (ECLI:EU:C:2022:491). * These guidelines were already adopted in their version for public consultation and the EDPB plans to work on the final version. EDPB Work Programme 2026-2027 4 3 2 Support the development and implementation of compliance measures for controllers and processors , including: Developing new tools to make GDPR application easier: Building on existing national initiatives and consultations with SMEs to understand their needs, the EDPB will create specific documents for SMEs, such as templates, illustrative examples, checklists, FAQs and “How to” guides. The EDPB will also continue to further develop information streams for a wider audience to complement its technical and legally-focused publications (for non-experts and individuals, including children). Among the templates to facilitate compliance, the EDPB will develop EU templates for: • Data breach notifications • Data Protection Impact Assessments • Legitimate Interest assessment • Record of processing • Privacy notices/policy • Issuing opinions on: • accreditation requirements for monitoring bodies of codes of conduct and for certification bodies • codes of conduct 5 and certification criteria 6 , including the European Data Protection Seal • Engaging with stakeholders on compliance measures, including: • collaboration on certification mechanisms pursuant to the GDPR • interaction with key stakeholder groups to raise awareness and foster understanding, for example, of how certification and codes of conduct can be used 5 Under Article 40(7) GDPR. 6 Under Article 45(2) GDPR. 4 Advise the EU legislature on important issues related to the protection of personal data in the Union. This includes independently giving advice on select topics identified by the EDPB itself, as well as giving advice on legislative proposals, together with the EDPS in the context of joint opinions, in response to any requests from the European Commission, such as with the Digital Omnibus. EDPB Work Programme 2026-2027 5 Pillar II Reinforcing a common enforcement culture and effective cooperation The EDPB will enhance consistency of the application and enforcement of the GDPR, as well as cooperation among its members, building on its commitments made in the Helsinki statement on enforcement cooperation and on opportunities arising from the Procedural Rules Regulation 7 . The EDPB will actively endeavour to fulfil its role as a forum for the regular exchange of information on ongoing cases, continue to support the development of cooperation and enforcement tools, and promote the sharing of expertise. Efforts will also focus on ensuring the smooth functioning of the consistency mechanism by paying greater attention to priority issues. 7 Regulation (EU) 2025/2518 of the European Parliament and of the Council of 26 November 2025 laying down additional procedural rules on the enforcement of Regulation (EU) 2016/679. 1 Encourage and facilitate the use of the full range of cooperation tools enshrined in Chapter VII of the GDPR and Chapter VII of the LED , continuously evaluating and improving the efficiency and effectiveness of these tools, and further promoting a common application of key concepts in the cooperation procedure. This will also include the need to update past guidance following the Procedural Rules Regulation and work on a number of topics, including: • Update of the guidelines on the application of Article 60 GDPR and preliminary steps to handle a complaint • Guidelines on early resolution of complaints • Preparing for the consistent reporting and statistics of enforcement activities • Guidelines on Article 61 GDPR – Mutual assistance • Guidelines on Article 66 GDPR – Urgency procedure • Update of the EDPB endorsed Article 29 Working Party Guidelines on the application and setting of administrative fines for the purposes of the GDPR EDPB Work Programme 2026-2027 6 2 Support enforcement and the exchanges of information and best practices , including: • Implementing the Coordinated Enforcement Framework (CEF), with the 2026 CEF on “Compliance with the obligations of transparency and information (Articles 12, 13 and 14 GDPR)” and a sixth coordinated action in 2027 on a topic to be determined once the 2026 action is completed • Collecting decisions of supervisory authorities (SAs) and court judgments • Creating task forces, when necessary, to provide operational platforms for cases requiring cooperation on enforcement matters • Continuing to develop and implement actions and projects under the Support Pool of Experts to provide material support to EDPB Members and to coordinate exchanges between EDPB members on enforcement and inspection methodologies • Continuing to develop the EDPB secondment programme for staff exchanges between EDPB members • Organising trainings and workshops for EDPB members, such as on certification, Binding Corporate Rules, or enforcement matters Ensure a robust functioning of the consistency mechanism, including by: • Continuing to adopt opinions under Article 64(1) and (2) GDPR that are directly addressed to national supervisory authorities and aim to ensure consistency in their decisions • Continuing to act as a dispute resolution body, providing binding decisions in disputes between EEA supervisory authorities under Article 65 GDPR and adopting decisions or opinions in the context of urgency procedures under Article 66 GDPR • Continuing efforts to align national and EDPB guidance where inconsistencies are identified Evaluate and enhance the IT tools and systems used by the EDPB , including by: • Suggesting updates of the Internal Market Information system (IMI) following the procedural rules regulations and other digital law regulation providing for the application of GDPR cooperation and consistency mechanisms • Connecting DPAs’ national systems to IMI • Evaluating and enhancing IT solutions provided by the EDPB Secretariat 3 4 EDPB Work Programme 2026-2027 7 Pillar III Safeguarding data protection in the developing digital and cross-regulatory landscape 1 Continue to take an active role in relevant forums , including the DMA High Level Group, the European Board for Digital Services and the European Data Innovation Board Establish common positions and guidance in the cross-regulatory landscape on topics including: • Good practices for cross-regulatory cooperation and exchange of information between regulators • Joint guidance with the competition authorities on interplay between data protection and competition law • Guidelines on the interplay between EU data protection law and other EU laws, including: • Joint guidelines on the interplay between the AI Act and the GDPR • Joint guidelines with the European Commission on the interplay between the Digital Markets Act and the GDPR* • Guidelines on interplay between the Digital Services Act and the GDPR* • Guidelines on political advertising regulation • Work on the interplay between data protection and anti-money laundering and countering financing of terrorism (AML/CFT) requirements. • Template for cross-regulatory cooperation agreements The EDPB will promote consistent application of different regulatory frameworks and cooperation with other regulatory authorities to address legal and practical challenges in the developing cross-regulatory and interdisciplinary landscape, while maintaining coherent and consistent safeguards for the protection of personal data. The EDPB will also continue to promote a human-centric approach to new technologies. 2 EDPB Work Programme 2026-2027 8 3 Proactively engage with other regulatory authorities on matters relating to data protection to support the new cross-regulatory landscape, such as competition authorities, consumer protection authorities and authorities competent under other legal acts. In addition to the work on possible joint guidelines with other regulators, the EDPB will invite other EU or national regulators to EDPB meetings where appropriate and organise a public event on the new interplay developments. Monitor and assess new technologies, developing guidance to promote a human-centric approach on topics including: • Guidelines on generative AI – data scraping • Guidelines on telemetry and diagnostic data • Guidelines on blockchain* Engage and cooperate with EU legislators and other EU institutions and bodies , including responding, where appropriate, to developments related to the digital euro and the financial data access and payments package. 4 5 EDPB Work Programme 2026-2027 9 Pillar IV Contributing to the global dialogue on data protection The EDPB will continue to promote global dialogue on privacy and data protection, with a focus on international cooperation in enforcement between its members and authorities of third countries. The EDPB will also continue work on GDPR and LED transfer mechanisms. 1 2 3 Continue work on GDPR and LED data transfer mechanisms and provide further guidance on their practical implementation . This will include: • Opinions and reviews of adequacy decisions • Opinions on administrative arrangements • Opinions on Binding Corporate Rules (BCR) and streamlining the approval process • Opinions on certification as a tool for transfers • Opinions on standard contractual clauses and ad-hoc contractual clauses • Update of Referential for BCR Processor* Support the exchange of information and cooperation among EDPB members active in international forums and continue to engage with the international community to promote high data protection standards. Continue to facilitate and further strengthen cooperation between EDPB members and authorities of third countries and supporting enforcement. The EDPB will continue its initiative of close cooperation with DPAs from countries or organisations with an adequacy decision.