||Any other areas under discussion
|Belgium||28.07.2017||Belgian Privacy Commission published DPO recommendations on 24 May 2017 and recommendations on records of processing activites on 14 June 2017.|
|France||29.06.2017||Report expresses need for clarification of data portability right provided by GDPR compared with data portability right in French Digital Republic law.
|Ireland||12.09.2017||The Data Protection Commissioner is to be replaced with a new legal entity to be known as the Data Protection Commission.|
|Italy||28.06.2017||The Garante Guide notes that:
• Controllers and Processors should use symbols and icons suggested by DPA's Decisions on CCTV systems and banks, together with a complete and exhaustive privacy notice;
• DPA will provide guidance on meaning of "reasonable fees" and security measures for processing sensitive data;
• measures appointing staff to process and track bank users' activity should be maintained; and
• records of processing activities for organisations with fewer than 250 persons employed should be maintained.
|Netherlands||28.06.2017||Draft Act stipulates that:
• Article 34 GDPR is not applicable where it concerns financial institutions;
• Article 22 GDPR does not apply where automated processing/profiling is necessary for compliance with a legal obligation or if processing is necessary for the performance of a task carried out in the public interest. This exception only applies if there is a specific legal basis for profiling.
|Poland||01.08.2017||Ministry of Digitalisation to create an administrative and a civil procedure for data subjects to pursue their rights.|
|UK||07.08.2017||Derogation for automated decision taking to be implement (examples given are financial services related).