Written by: Haim Ravia, Dotan Hammer
The European Data Protection Board (EDPB) adopted its work program for 2026–2027 during its latest plenary session. This is the second work program supporting the implementation of the EDPB’s four-pillar strategy for 2024–2027, and reflects commitments made in the Helsinki Statement on enhanced clarity, support, and engagement.
The program is structured around four pillars. The first pillar focuses on enhancing harmonization and promoting compliance. The EDPB will continue providing guidance on key issues, including Consent or Pay, anonymization, pseudonymization, and children’s data. The EDPB will also develop practical compliance tools for a broader audience, such as templates, checklists, FAQs, and illustrative guides. Following a public consultation, the EDPB announced it will develop EU templates for legitimate interest assessments, records of processing activities, and privacy notices, in addition to previously announced templates for data breach notifications and data protection impact assessments.
The second pillar concerns reinforcing a common enforcement culture and effective cooperation among data protection authorities, including through enhanced IT tools and the recently adopted Regulation on GDPR procedural rules. The third pillar addresses safeguarding data protection in the digital and cross-regulatory landscape, including through the adoption of guidelines on generative AI, data scraping, the interplay between the AI Act and the GDPR, and political advertising. The fourth pillar focuses on contributing to the global dialogue on data protection.
Click here to read the EDPB Work Program 2026–2027.
