EDPB Work Programme 2026-2027

EDPB News

Published January 1st, 2026

Detected February 12th, 2026

Summary

The European Data Protection Board (EDPB) has adopted its work programme for 2026-2027, focusing on enhancing harmonisation, promoting compliance with GDPR, and strengthening enforcement cooperation. The programme outlines key initiatives including new guidelines on AI, consent, and anonymisation, alongside efforts to simplify GDPR compliance for stakeholders.

View original document View source feed page

What changed

The European Data Protection Board (EDPB) has released its work programme for 2026-2027, detailing strategic priorities aimed at harmonising data protection law across the EU and reinforcing enforcement cooperation. Key initiatives include the development of new guidelines on critical areas such as generative AI, 'consent or pay' models, anonymisation, and pseudonymisation, as well as specific guidance on children's data. The programme also emphasizes creating accessible compliance tools like templates, FAQs, and checklists for a broader audience, including non-experts, and advising the EU legislature on data protection matters.

This work programme signals a proactive approach to evolving digital landscapes and aims to make GDPR compliance more manageable for controllers and processors. Regulated entities, particularly technology companies and employers, should anticipate updated guidance and potentially new compliance requirements related to AI and data processing. While this document outlines the EDPB's planned activities and does not impose immediate new obligations, it indicates areas where future regulatory focus and enforcement will likely intensify, necessitating ongoing monitoring and preparation for potential changes in compliance practices.

What to do next

Review planned EDPB guidance on AI, consent, and anonymisation for potential compliance impacts.
Assess current data processing activities against the stated priorities of the EDPB work programme.
Prepare for potential updates to compliance tools and resources based on EDPB's output.

Source document (simplified)

Brussels, 12 February - During its latest plenary, the EDPB adopted its work programme for 2026-2027. This is the second work programme to support the implementation of the EDPB strategy 2024-2027 *.

The work programme is based on the priorities set out in the EDPB strategy and the needs identified as most critical for stakeholders. It also takes into account the commitments made in the Helsinki Statement on enhanced clarity, support and engagement aimed at making GDPR compliance easier, strengthening consistency, and boosting cross-regulatory cooperation.

Built on the four pillars of the EDPB strategy, the work programme focuses on 1) enhancing harmonisation and promoting compliance, 2) reinforcing a common enforcement culture and effective cooperation, 3) safeguarding data protection in the developing digital and cross-regulatory landscape, and 4) contributing to the global dialogue on data protection.

Enhancing harmonisation and promoting compliance

The EDPB will continue to provide timely and clear guidance on key issues and concepts of EU data protection law to make GDPR compliance easier. For example, the EDPB is working on guidelines on Consent or Pay, guidelines on anonymisation, guidelines on pseudonymisation and guidelines on children’s data. The Board will also develop and promote tools for a broader audience, by producing content for non-experts, such as templates, illustrative examples, checklists, FAQs and “how to” guides.

The EDPB will support the implementation of compliance measures for controllers and processors.

The EDPB will advise the EU legislature on important issues related to the protection of personal data in the EU. This includes giving advice on legislative proposals, together with the EDPS in the context of joint opinions such as with the Digital Omnibus, in response to any requests from the European Commission.

Reinforcing a common enforcement culture and effective cooperation

“We will continue working together to ensure greater consistency across Europe and to strengthen cooperation among Data Protection Authorities.
The commitments we made last year in our Helsinki statement will be our compass going forward. We will also embrace the opportunities that come with the recently adopted Regulation on GDPR procedural rules.”
EDPB Chair, Anu Talus
The EDPB will remain fully committed to fulfil its role as a forum to regularly exchange information on ongoing cases, expertise and best practices among DPAs. The Board will also continue to support the development of enforcement and cooperation tools and will focus on ensuring the smooth functioning of the consistency mechanism.

The IT tools and systems used by the Board will be evaluated and enhanced.

Safeguarding data protection in the developing digital and cross-regulatory landscape

The EDPB will continue to promote a human-centric approach to new technologies, including via the adoption of guidelines on generative AI and data-scraping.

The EDPB will proactively engage with other regulatory authorities on matters relating to data protection to support the new cross-regulatory landscape. The Board will continue to take an active role in relevant forums, including the Digital Markets Act (DMA) High Level Group, the European Board for Digital Services and the European Data Innovation Board.

The Board will establish common positions and guidance in the cross-regulatory and interdisciplinary landscape, while maintaining coherent and consistent safeguards for the protection of personal data. Guidance in this regard will include joint guidelines on the Interplay between the AI Act and the GDPR and guidelines on political advertising.

Contributing to the global dialogue on data protection

The EDPB commits to promoting global dialogue on privacy and data protection, focusing on international cooperation in enforcement among its members and also with authorities of third countries. It will continue its initiative of close cooperation with DPAs from the countries or organisations with an adequacy decision.

The EDPB will also continue to work on the GDPR and Law Enforcement Directive (LED) transfer mechanisms and provide further guidance on their practical implementation.

The EDPB will be engaged with the international community, making sure to facilitate the exchange of information and cooperation among the EDPB members active in international forums.

Note to editors:
* The first work programme supporting the EDPB strategy 2024-2027 can be found here.