On 19 March 2026, the European Data Protection Board (EDPB) launched this year’s Coordinated Enforcement Framework (CEF) action, focusing on compliance with the GDPR’s transparency and information obligations. Under Articles 12, 13 and 14 of the GDPR, individuals must be informed when their personal data is being processed. This right to be informed is a fundamental component of transparency and enables individuals to exercise greater control over their data.

Throughout 2026, 25 Supervisory Authorities (SAs) across the European Economic Area (EEA) will take part in this initiative. Their work will centre on assessing how well data controllers comply with their transparency duties under the GDPR. To evaluate practical compliance with the right to be informed, participating SAs will implement the CEF through one or more of the following measures:

· questionnaires sent to data controllers as part of a fact-finding exercise or to identify if a formal investigation is warranted

· commencement of a formal investigation

· and/or follow-up of ongoing formal investigations.

As with previous CEF cycles, the collective results will be analysed in a coordinated manner, followed by a joint decision on any further supervisory or enforcement actions. The aggregated findings will contribute to a deeper understanding of transparency practices and support targeted follow-up measures at both national and EU level. The EDPB will publish a report on the outcome once the relevant actions have concluded.

This marks the fifth annual initiative under the CEF, which aims to strengthen coordination and streamline enforcement among SAs through year-long, pre-agreed joint actions and investigations.

Earlier CEF actions have examined:

· the use of cloud services by the public sector (2022)

· the designation and position of Data Protection Officers (2023)

· the implementation of the right of access by controllers (2024), and

· the right to erasure, or the “right to be forgotten”, under Article 17 GDPR (2025).