Written by: Haim Ravia, Dotan Hammer
On April 14, 2026, the European Data Protection Board launched a public consultation on a harmonized Data Protection Impact Assessment (DPIA) template. DPIAs are required under Article 35 of the GDPR when processing is likely to result in a high risk to the rights and freedoms of natural persons — including large-scale processing of sensitive data, systematic monitoring of publicly accessible areas, and automated decision-making with legal or similarly significant effects.
Until now, DPIA templates have varied across EU Member States, creating inconsistency for organizations operating in multiple jurisdictions. The harmonized template aims to address this fragmentation. Once finalized, all data protection authorities will begin the necessary steps to adopt this template as their unique template or as a “meta-template” with which national-specific templates will be compatible.
Click here to download the EDPB’s harmonized DPIA template.
Click here to read the accompanying explainer document.
