EDPB 2026 Enforcement: GDPR Transparency & Privacy Notice Ru
Source: EDPB
The European Data Protection Board (EDPB) has announced a major coordinated enforcement action for 2026, focused on how businesses inform people about the use of their personal data. According to the EDPB, 25 data protection authorities (DPAs) across Europe are taking part in this initiative, which was launched on 19 March 2026.
What is this about?
The action falls under the EDPB's Coordinated Enforcement Framework (CEF), which brings together DPAs from across EU member states to work on a shared compliance theme each year. This year, the focus is on transparency and information obligations under the GDPR, specifically the requirements set out in Art. 12, Art. 13 and Art. 14.
In plain terms, these articles require businesses to clearly tell people what personal data they collect, why they collect it, how long they keep it and what rights people have. This information typically appears in a privacy policy or privacy notice on a website.
What will the DPAs actually do?
According to the EDPB, the participating DPAs will contact controllers from different sectors across Europe. This contact may take the form of a formal enforcement action or a fact-finding exercise. If a DPA finds issues during a fact-finding exercise, it may decide to take further follow-up action.
Later in 2026, the participating DPAs will share their findings with each other. A consolidated report will then be drafted and submitted for adoption by the EDPB. The EDPB has indicated that targeted follow-ups are anticipated at both national and EU levels.
It is not yet known which sectors will be targeted, what criteria DPAs will use to assess compliance, or whether fines or sanctions will result from the actions.
What does this mean for your website?
If your website collects any personal data, such as names, email addresses or browsing behaviour, your privacy notice needs to meet the requirements of Art. 12, Art. 13 and Art. 14 of the GDPR. Now is a good time to review whether your privacy policy is complete, written in plain language and easy for visitors to find. You can use our GDPR compliance checklist and privacy policy requirements guide to check whether your current setup holds up.
Source: EDPB, 19 March 2026
Check your website now
Free website scan covering GDPR, copyright, accessibility, security, and more.
Scan your site freeRelated articles
EDPB 2026-2027 Work Programme: New GDPR Templates
The EDPB adopts a 2026-2027 plan to simplify GDPR compliance with new ready-to-use templates for privacy policies, breach notifications, and more.
EDPB Report: GDPR Right to Erasure Challenges & Compliance
New EDPB report reveals recurring issues with GDPR erasure requests. Learn how to fix compliance gaps before the next enforcement wave.