The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process the personal information of individuals, and we advise the EU legislator on proposals for legislation and new policies. Data protection is crucial for society, as citizens become increasingly dependent on the use of information technology and as personal information is collected or generated on an ever-increasing scale. This report explains the work and the strategy of the EDPS as we enter a new phase marked by new... challenges, in particular an increase in our activities at a time of budget restraint. The report describes the consultation of internal and external stakeholders and their detailed comments on our work. This valuable input has enabled us to develop our guiding principles and to set a detailed action plan for achieving our strategic objectives. The report concludes with a list of performance indicators to measure success. These actions will maximise the impact of our work on data protection at EU level and increase effi ciency by making the best use of resources. In general, stakeholders have praised the EDPS as a knowledgeable and authoritative body, providing strong leadership and data protection expertise. However, they made several suggestions for action, including the need for the EDPS to engage more closely with stakeholders and better understand their policies and institutional constraints, to work harder to raise awareness of data protection and make it more accessible, to improve our knowledge of IT issues, to be selective and focus on areas of high priority or high risk, and to support the Data Protection Offi cers (DPOs) and Data Protection Coordinators/Contact Points (DPCs) who are on the frontline of data protection in the EU institutions and bodies. We have reassessed our priorities and reallocated our resources to increase our effi ciency and eff ectiveness to take account of these suggestions. Using our expertise, authority and formal powers we aim to build awareness of data protection as a fundamental right and as a vital part of good public policy and administration for EU institutions. Acting selectively and proportionately, we seek to ensure that data protection will be an integral part of policy-making and legislation, in all areas where the EU has competence. We will focus our attention and eff orts on areas of policy or administration that present the highest risk of non-compliance or impact on privacy. In particular, we have identifi ed activities that emphasise the accountability of policy makers and data controllers and activities that build on the crucial role of DPOs. These activities are key parts of the proposed legislative reforms, and we hope they will show how levels of compliance can be raised in a period of budget restraint. We will use this strategy over the period 2013–2014 and develop it further thereafter. This will better enable us to respond eff ectively to the challenge of achieving excellence in data protection at European level.