EDPB adopts common data breach notification template for GDPR compliance
The new template aims to make data breach notifications easier for organisations and DPAs to process.
The European Data Protection Board (EDPB) has adopted a common template for data breach notifications as part of efforts to simplify GDPR compliance and improve consistency across the EU. The template is intended to help organisations and Data Protection Authorities structure, harmonise and unify breach notification processes.
The template is designed to ensure that data breach notifications contain the information required under Article 33 of the GDPR, which governs the notification of personal data breaches to supervisory authorities. The EDPB said the common format should make it easier for organisations to submit timely data breach notifications and help responsible authorities assess cases.
The template includes predefined fields, response options and guidance to help organisations complete notifications more efficiently. The EDPB said the approach could reduce administrative costs and save time, particularly for smaller organisations that lack dedicated data protection or legal expertise.
The template will be subject to public consultation until 5 August 2026. Following the consultation, the EDPB will determine the timeline for implementation by national Data Protection Authorities.
During the same plenary, the EDPB met with Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection Michael McGrath to discuss common priorities. The Digital Omnibus package was also discussed, with the Board warning that proposed changes to the definition of personal data could significantly weaken privacy protections for individuals.
Discussions also covered cross-regulatory cooperation, children’s data, political advertising, and international data transfers. The Board also stressed that adequate funding and staffing for Data Protection Authorities remain essential for the effective enforcement of data protection rules.
Why does it matter?
Data breach notification requirements are a key component of the GDPR, helping regulators assess risks and ensuring organisations respond appropriately when personal data is compromised. However, differences in reporting practices across EU member states can create additional compliance burdens, particularly for smaller organisations operating across multiple jurisdictions.
The common template represents another step towards greater regulatory harmonisation within the EU’s data protection framework. By standardising breach reporting requirements, the EDPB aims to reduce administrative complexity, improve the quality of notifications and support more consistent enforcement of data protection rules across Europe.
