The European Data Protection Board (EDPB) published on Valentine's Day 2023 its working program for the next two years. Organizations (EU and non-EU) that are dealing with EU GDPR (#DataProtection) compliance should have this agenda on the radar when determining their own data strategy for next years.
These are the most important topics:
Data breaches, children data, data subject rights, use of social media by government bodies, health data, international adequacy decisions, BCRs, anonymization/pseudonymization, AI Act vs. GDPR, telemetry usage data and harmonized enforcement.
Most topics are not really surprising.
I would have expected also focus on adtech and had hoped for stronger guidance to finally solve the burdensome data transfers topic, especially in cloud situation, and also a stronger focus on AI related topics. Use of social media by government bodies looks like a cautious approach that, however, will give indirect guidance also to private organizations.
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/2025-06-30-18-20-05-882-6862d555bf3898129ef17194.jpg)
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/2025-09-08-14-53-13-586-68beedd97356a10e44369bc6.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2025-11-11-13-31-47-927-69133ac3467786c9045c67f6.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2025-11-10-17-17-14-414-69121e1abe557da3fa79e317.jpg)