EDPB meets with EU Commissioner McGrath and adopts common data breach notification template

The Board held a meeting with Commissioner McGrath, engaging in a fruitful discussion about common priorities and ongoing work on areas of mutual interest.

The Digital Omnibus was among the key topics that shaped the discussion. The Board reiterated that, while several proposed changes have been welcomed by the Board, it is crucial not to adopt the proposed amendments to the definition of personal data, as they risk significantly weakening individual data protection.

The importance of cross-regulatory cooperation was another central theme of the discussion. Commissioner McGrath and the Board explored ways to further strengthen this cooperation and enhance their ability to collaborate effectively within the evolving digital landscape.

The meeting was also an opportunity to exchange on other critically important areas of common interest, including the protection of children. The EDPB is currently working on guidelines on processing children’s data. This week, EDPB representatives also took part in a meeting with the Co-Chairs of the Special Panel on Child Safety Online organised by the European Commission.

Discussions furthermore covered progress in the field of political advertisement, with a focus on the EDPB guidelines on the processing of personal data to target or deliver political advertisements under the regulation on the transparency and targeting of political advertising. In the context of this ongoing work, at its latest plenary, the EDPB has adopted the report on the dedicated stakeholder event held on 27 March 2026.

The discussions also addressed international data transfers and emphasised the importance of cooperation with third countries, which is particularly crucial in reinforcing worldwide data protection standards.

During the discussions, the Board emphasised that adequate funding and staffing of DPAs is essential to fulfil their tasks properly.

Making GDPR compliance easier while enhancing consistency

In line with the EDPB’s Helsinki Statement to make GDPR compliance easier and strengthen consistency across Europe, the EDPB has adopted a common template for data breach notifications, which will be subject to implementation process.

The EDPB common template for data breach notifications has been conceived to help organisations and Data Protection Authorities (DPAs) to structure, harmonise, and unify their data breach notification processes.

The template will help ensure that notifications contain the information required by Art. 33 GDPR (on the notification of a personal data breach to the DPA), making it easier for organisations to submit a timely notification and facilitating the assessment of the case by the responsible DPAs.

The template provides predefined options to choose from, and further guidance on how to fill in the fields. This will help save time and costs, particularly for smaller organisations lacking dedicated Data Protection Officers (DPOs) or legal resources.

The template will be subject to public consultation until 5 August 2026, providing stakeholders with the opportunity to share their comments and feedback on the content of the template. Following the public consultation, the EDPB will decide on the timeline for the practical implementation of the template by all DPAs.