EDPB launches coordinated enforcement action on GDPR transparency obligations
The European Data Protection Board (EDPB) has selected transparency and information obligations under the General Data Protection Regulation (GDPR) as the focus of its fifth coordinated enforcement action. The GDPR requires that data subjects be informed when their personal data are processed, primarily through Articles 12, 13 and 14. Clear and accessible information is a fundamental element of transparency and supports individuals’ ability to exercise their data protection rights.
The coordinated action will ask national Data Protection Authorities (DPAs) across the EU to prioritise checks on how controllers provide information to data subjects. Participation by DPAs is voluntary; those that opt in will carry out national-level assessments, the results of which will be gathered and analysed by the EDPB. The action is scheduled to be launched during 2026 following the upcoming recruitment period for participating authorities.
This initiative continues the EDPB’s use of its Coordinated Enforcement Framework (CEF), established in October 2020, to harmonise supervisory activity across Member States. The CEF is a central element of the EDPB’s 2024–2027 Strategy and operates alongside the Support Pool of Experts (SPE) to streamline cross-border cooperation and enforcement. Previous coordinated actions produced reports on topics such as cloud use by the public sector (2023), designation and role of Data Protection Officers (2024), and implementation of the right of access (2025).
Earlier in 2025 the EDPB also launched a coordinated action on the right to erasure (Article 17); the report on that exercise will be adopted in the coming months. The transparency-focused action will build on lessons learned from past CEF projects and aims to identify common shortcomings and good practices, enabling targeted follow-up at national and EU levels when needed.
