EDPB adopts data breach notification template

The European Data Protection Board (EDPB) has outlined new initiatives to make GDPR compliance easier for micro, small, and medium-sized organizations, including a data breach notification template.

The EDPB is an independent body that supervises consistent application of the General Data Protection Regulation (GDPR). The Board is composed of representatives of data protection authorities (DPAs) of all 27 EU Member States.

During a high-level meeting in Helsinki on July 1 and 2, 2025, the EDPB members agreed on new initiatives to facilitate easier GDPR compliance in the so-called Helsinki Statement.

The initiatives have been introduced to make GDPR compliance easier, strengthen consistency, and boost cross-regulatory cooperation.

To achieve this, the EDPB has developed a series of ready-to-use templates for organizations, a common template for data breach notifications for DPAs, and easily-applicable resources, including checklists and FAQs to help small and medium-sized organizations understand their key obligations.

Furthermore, the EDPB will invigorate its dialogue with stakeholders to identify areas where further support and clarification is required, and providing the opportunity for stakeholders to flag possible inconsistencies and give feedback.

“The EDPB aims to ensure that compliance with the GDPR can be more easily achieved. By placing fundamental rights into the core of their digital transformation, organizations can ensure that technological advancements and the respect for European values go hand in hand, ultimately building a stronger and more resilient digital economy,” Anu Talus, Chairman of the EDPB, said in a statement.

“The EDPB is committed to helping organizations in achieving GDPR compliance with greater ease and efficiency. Through timely and concise guidance and ready-to-use tools, like a common data breach notification template, checklists, how-tos and FAQs, we will continue to make GDPR alignment achievable and accessible for all,” he adds.

The Dutch DPA has called the Helsinki Statement a ‘milestone.’

“Legislation in the digital age is becoming increasingly complex. Therefore, cooperation with supervisors in other areas is necessary to solve legal and practical problems, and to ensure uniform explanations in this area as well,” the DPA says on its website.