EDPB adopts a harmonised GDPR Article 33 breach-notification template — consultation open to 5 August

The EDPB adopted a draft common EU/EEA personal-data-breach notification template at its June plenary and opened public consultation until 5 August 2026 (EDPB, 2026-06-10). The template is a structured common form with predefined answer options and fill-in guidance, designed to replace the current patchwork in which each national DPA maintains its own notification form. After 5 August the EDPB will publish a timeline for mandatory adoption by all DPAs — the point at which it becomes the channel. What defenders should do differently: breach-response process owners with multi-jurisdiction obligations should review the draft now and begin aligning their incident-response notification playbooks to the common template. Swiss organisations under the nFADP have no direct EDPB obligation but need aligned preparation for any EU-nexus incident notifiable to an EU DPA.