| Country |
Last reviewed |
Any other areas under discussion |
|---|---|---|
| Belgium | 28.07.2017 | Belgian Privacy Commission published DPO recommendations on 24 May 2017 and recommendations on records of processing activites on 14 June 2017. |
| Czech Republic | 29.06.2017 | n/a |
| Denmark | 29.06.2017 | n/a |
| Finland | 02.08.2017 | n/a |
| France | 29.06.2017 | Report expresses need for clarification of data portability right provided by GDPR compared with data portability right in French Digital Republic law. |
| Germany | 07.08.2017 | n/a |
| Ireland | 12.09.2017 | The Data Protection Commissioner is to be replaced with a new legal entity to be known as the Data Protection Commission. |
| Italy | 28.06.2017 | The Garante Guide notes that: • Controllers and Processors should use symbols and icons suggested by DPA's Decisions on CCTV systems and banks, together with a complete and exhaustive privacy notice; • DPA will provide guidance on meaning of "reasonable fees" and security measures for processing sensitive data; • measures appointing staff to process and track bank users' activity should be maintained; and • records of processing activities for organisations with fewer than 250 persons employed should be maintained. |
| Netherlands | 28.06.2017 | Draft Act stipulates that: • Article 34 GDPR is not applicable where it concerns financial institutions; • Article 22 GDPR does not apply where automated processing/profiling is necessary for compliance with a legal obligation or if processing is necessary for the performance of a task carried out in the public interest. This exception only applies if there is a specific legal basis for profiling. |
| Poland | 01.08.2017 | Ministry of Digitalisation to create an administrative and a civil procedure for data subjects to pursue their rights. |
| Spain | 27.07.2017 | n/a |
| Sweden | 17.07.2017 | n/a |
| UK | 07.08.2017 | Derogation for automated decision taking to be implement (examples given are financial services related). |