EDPB 2026-2027 Work Programme: New GDPR Templates

The European Data Protection Board (EDPB) has adopted its work programme for 2026-2027, with a clear focus on making GDPR compliance simpler for organisations. The announcement was published on 13 February 2026 on the official EDPB website.

What is the EDPB planning?

According to the EDPB, easing compliance is a top priority for the coming two years. A key part of this plan is the development of ready-to-use templates that organisations can use to meet their GDPR obligations.

The EDPB says it will develop templates for:

• Legitimate interest assessment
• Record of processing activities
• Privacy notice and privacy policy

These are in addition to templates for data breach notifications and data protection impact assessments, which the EDPB had already announced previously.

The idea is straightforward: instead of building these documents from scratch, organisations will eventually be able to work from a standardised starting point provided by the EDPB itself.

Why is this happening?

According to the EDPB, the work programme builds on commitments made in the Helsinki Statement, which focused on making GDPR compliance easier, strengthening consistency and improving cooperation across regulatory areas. Simplifying compliance for organisations is described as a central goal of the EDPB's broader strategy for 2024-2027.

No specific deadlines for delivering the templates have been stated at this point.

What does this mean for your website?

If you are still working on getting your privacy policy, processing records or legitimate interest assessments in order, these upcoming templates could make that process more manageable. In the meantime, it is worth reviewing what you already have in place using our GDPR compliance checklist and checking whether your privacy policy meets current requirements. The EDPB's direction of travel is clear: GDPR compliance should be achievable for organisations of all sizes, and practical tools are on the way to help with that.