Written by: Haim Ravia, Dotan Hammer
The European Data Protection Board (EDPB) has adopted a common template for personal data breach notifications. The initiative forms part of the EDPB’s Helsinki Statement programme, which aims to make compliance with the General Data Protection Regulation (GDPR) easier and more consistent across the European Union.
The template has been designed to help organizations and Data Protection Authorities (DPAs) structure, harmonize, and unify their data breach notification processes. It is intended to ensure that notifications contain the information required under Article 33 GDPR, which governs the notification of a personal data breach to the competent supervisory authority, thereby making it easier for organizations to submit a timely notification and facilitating the assessment of each case by the responsible DPAs.
To that end, the template provides predefined options to choose from, together with further guidance on how to complete the relevant fields. The EDPB notes that this approach should help save time and reduce costs, particularly for smaller organizations that lack dedicated Data Protection Officers (DPOs) or in-house legal resources.
The template is subject to public consultation until 5 August 2026, giving stakeholders the opportunity to share comments and feedback on its content. Following the consultation, the EDPB will decide on the timeline for the practical implementation of the template by all DPAs.
Click here to access the EDPB’s common template for data breach notifications.
