Brussels, 14 October - During its October plenary, the European Data Protection Board (EDPB) picked the topic for its fifth coordinated enforcement action, which will concern compliance with the obligations of transparency and information under the General Data Protection Regulation (GDPR). The GDPR ensures that individuals are informed when their data is being processed (under Art. 12, 13 and 14). This right to be informed is a core element of transparency and ensures that individuals have more control over their data.
In a coordinated action, the EDPB prioritises a certain topic for Data Protection Authorities (DPAs) to work on at national level. The results of these national actions are then aggregated and analysed to generate deeper insight into the topic and allowing for targeted follow-up at both national and European level if needed.
Participating DPAs will join this new action on a voluntary basis in the coming weeks and the action itself will be launched over the course of 2026.
CEF achievements so far
In recent years, the EDPB has carried out various coordinated actions on different topics, publishing reports on their results. Specifically:
- use of cloud-based services by the public sector (2023)
- designation and position of Data Protection Officers (2024)
- implementation of the right of access by controllers (2025)
Earlier this year, the EDPB has launched a coordinated action on the right to erasure or the “right to be forgotten” (Art.17 GDPR). The report on the outcome of this action will be adopted in the coming months.
Background
This new coordinated action follows the EDPB’s decision to set up a Coordinated Enforcement Framework (CEF) in October 2020. The CEF is a key action of the EDPB under its 2024-2027 Strategy, together with the creation of a Support Pool of Experts (SPE). The two initiatives aim to streamline enforcement and cooperation among DPAs.