Cybersecurity: EU Adopts Standard Data Breach Template for GDPR

by Zachary Barlow

July 1, 2026

The EU’s General Data Protection Regulation requires companies to notify interested parties when data breaches occur. However, historically, these notices vary substantially from company to company. The EU’s Data Protection Board (EDPB) is changing that. At this month’s meeting, the EDPB adopted a standardized notification template for European companies. A recent K&L Gates memo discusses the benefits of standardization:

“The new common template is designed to help organizations and Data Protection Authorities (DPAs) structure, harmonize and unify their data breach notification processes across Europe…

The new template seeks to address… fragmentation by providing a standardised structure for breach notifications across the EU. It includes predefined values and recommended tools for organisations to facilitate their completion of the form.”

The new template is under public consultation until August 5, 2026, after which the EDPB will adopt an implementation timeline. This template will help companies disclose across member states in the EU without a confusing patchwork of requirements. Currently, formats for data breaches vary between member states. This creates friction for companies operating in multiple member states to disclose data breaches, and costs valuable time when drafting disclosures. The EU hopes that standardizing the system will streamline this process.