This update concerns general GDPR data protection compliance and inspection priorities, which falls outside the payments-specific product and service taxonomy.
While payment processors may be subject to GDPR inspections, this announcement is a general data protection enforcement initiative with no specific reference to payments services, payment institutions, or payments-related data handling.
Specialism
The update describes Austria's Data Protection Authority's thematic inspection programme targeting GDPR compliance, specifically data processing security, risk assessments, and transparency obligations for all organisations processing personal data.
Low confidence — requires human review. While the inspection programme represents supervisory oversight activity, the primary focus is GDPR data protection compliance rather than ongoing regulatory supervision of payment firms specifically.
2026-06-24 13:56:17·admin-dev@vixio.com
Meta Id
3265897
Content ID
3274379
GUID
89da049918ac85b9dbdd3e195badb177
Bekanntmachungen der Datenschutzbehörde:
Ursprüngliche Meldung vom 08.
Pipeline Progress
🔄 Pipeline Journey
⏱
9s
total
✓
Queued13:56:07
+0s
✓
Metadata13:56:07
+0s
✓
S3 Content13:56:07
+0s
✓
Extracted13:56:07
+5s
✓
LLM Gen13:56:12
+4s
✓
Stored13:56:16
TITLE: Austria's Data Protection Authority Announces 2026 Thematic Inspection Programme
BODY:
On January 8, 2026, Austria's Data Protection Authority announced its thematic inspection programme for 2026, which will be conducted in two phases targeting data controllers and data processors.
The first phase focuses on data processing security requirements under Article 32 of the General Data Protection Regulation (GDPR), including risk assessments and associated documentation obligations under Articles 30 and 35 of the GDPR. The Authority will initiate proceedings against selected controllers and processors in March 2026. The second phase's focus area was scheduled to be announced in June 2026.
On June 24, 2026, the Authority confirmed that the second phase will address transparency and information obligations under the GDPR, aligning with the Coordinated Enforcement Framework of the European Data Protection Board (EDPB). The second phase will incorporate a questionnaire from the EDPB's annual Coordinated Enforcement Framework.
The thematic inspection programme applies to all organisations processing personal data within Austria's jurisdiction. These inspections are significant as they establish enforcement priorities and signal the Authority's focus areas for compliance monitoring. Organisations subject to the GDPR should ensure their data processing security measures, risk assessments, and documentation are current and compliant, particularly ahead of the March 2026 commencement of first-phase proceedings. Additionally, organisations should review their transparency and information practices to align with GDPR requirements in anticipation of the second-phase inspections.
Information zur Schwerpunktprüfung 2026 - Update Bekanntmachungen der Datenschutzbehörde Information zur Schwerpunktprüfung 2026 - Update Ursprüngliche Meldung vom 08.01.2026: Die Datenschutzbehörde führt auch im Jahr 2026 Schwerpunktprüfungen durch. Die Prüfungen erfolgen in zwei Teilen: Im ersten Teil stehen die Vorgaben zur Sicherheit der Verarbeitung gemäß Art. 32 DSGVO (einschließlich der Risikobewertung sowie die damit verbundenen Dokumentationspflichten nach Art. 30 und ggf. Art. 35 DSGVO) im Mittelpunkt. Die Einleitung der Verfahren gegen ausgewählte Verantwortliche und Auftragsverarbeiter ist für März 2026 vorgesehen. Der Schwerpunkt des zweiten Teils wird im Juni 2026 bekannt gegeben. Der zweite Teil wird zusätzlich mit einem Fragebogen des jährlichen Coordinated Enforcement Framework des Europäischen Datenschutzausschusses kombiniert. Update vom 24.06.2026: Der zweite Schwerpunkt orientiert sich am Coordinated Enforcement Framework des Europäischen Datenschutzausschusses, behandelt werden daher die Transparenz- und Informationsverpflichtungen unter der DSGVO. Top