Any other areas under discussion

Last reviewed
Any other areas under discussion
Belgium 28.07.2017 Belgian Privacy Commission published DPO recommendations on 24 May 2017 and recommendations on records of processing activites on 14 June 2017.
Czech Republic 29.06.2017 n/a
Denmark 29.06.2017 n/a
Finland 02.08.2017 n/a
France 29.06.2017 Report expresses need for clarification of data portability right provided by GDPR compared with data portability right in French Digital Republic law.
Germany 07.08.2017 n/a
Ireland  12.09.2017 The Data Protection Commissioner is to be replaced with a new legal entity to be known as the Data Protection Commission.
Italy 28.06.2017 The Garante Guide notes that:
• Controllers and Processors should use symbols and icons suggested by DPA's Decisions on CCTV systems and banks, together with a complete and exhaustive privacy notice;
• DPA will provide guidance on meaning of "reasonable fees" and security measures for processing sensitive data;
• measures appointing staff to process and track bank users' activity should be maintained; and
• records of processing activities for organisations with fewer than 250 persons employed should be maintained.

Netherlands 28.06.2017 Draft Act stipulates that:
• Article 34 GDPR is not applicable where it concerns financial institutions;
• Article 22 GDPR does not apply where automated processing/profiling is necessary for compliance with a legal obligation or if processing is necessary for the performance of a task carried out in the public interest. This exception only applies if there is a specific legal basis for profiling.
Poland 01.08.2017 Ministry of Digitalisation to create an administrative and a civil procedure for data subjects to pursue their rights.
Spain 27.07.2017 n/a
Sweden 17.07.2017 n/a
UK 07.08.2017 Derogation for automated decision taking to be implement (examples given are financial services related).