Site Navigation
Main Content
Search
Search
English
Dansk
Deutsch
English
Español
Français
Italiano
Polski
Suomi
Svenska
Main menu
Client Solutions
Where We Work
Regions
Africa
Asia-Pacific
Central and Eastern Europe
India
Israel
Latin America
Middle East
Nordic Region
North America
Russia and the CIS
Southeast Europe and Turkey
Switzerland and Austria
Western Europe
Offices
Australia
Belgium
China
Czech Republic & Slovakia
Denmark
Finland
France
Germany
Hungary
Italy
Luxembourg
Netherlands
Poland
Singapore
Spain
Sweden
UK
United Arab Emirates
Expertise
Practice Areas
Banking & Finance
Commercial
Competition & EU Law
Corporate
Dispute Resolution
Franchising
Intellectual Property
International HR Services
Outsourcing
Privacy and Data Protection
Public Projects and Procurement
Real Estate
Regulatory and Administrative
Restructuring and Insolvency
Tax
Trade and Customs
Transformational Projects
Sectors
Aerospace, Defence & Security
Automotive
Aviation
Energy & Utilities
Financial Services
Life Sciences and Healthcare
Media, Entertainment and Sport
Retail and Consumer
Technology & Communications
Our Lawyers
News & Events
News Centre
Industry News
Firm news
Events
Hot Topics
Video Library
Careers
Experienced Lawyers
Business Services
Graduates
About
Contact
Bird & Bird
Hot Topics
General Data Protection Regulation
GDPR Tracker
Any other areas under discussion
Print
Twitter
Google+
LinkedIn
View more
Any other areas under discussion
Overview
Country
Last reviewed
Any other areas under discussion
Belgium
28.07.2017
Belgian Privacy Commission published DPO recommendations on 24 May 2017 and recommendations on records of processing activites on 14 June 2017.
Czech Republic
29.06.2017
n/a
Denmark
29.06.2017
n/a
Finland
02.08.2017
n/a
France
29.06.2017
Report expresses need for clarification of data portability right provided by GDPR compared with data portability right in French Digital Republic law.
Germany
07.08.2017
n/a
Hungary
16.10.2017
n/a
Ireland
12.09.2017
The Data Protection Commissioner is to be replaced with a new legal entity to be known as the Data Protection Commission.
Italy
28.06.2017
The Garante Guide notes that:
• Controllers and Processors should use symbols and icons suggested by DPA's Decisions on CCTV systems and banks, together with a complete and exhaustive privacy notice;
• DPA will provide guidance on meaning of "reasonable fees" and security measures for processing sensitive data;
• measures appointing staff to process and track bank users' activity should be maintained; and
• records of processing activities for organisations with fewer than 250 persons employed should be maintained.
Netherlands
28.06.2017
Draft Act stipulates that:
• Article 34 GDPR is not applicable where it concerns financial institutions;
• Article 22 GDPR does not apply where automated processing/profiling is necessary for compliance with a legal obligation or if processing is necessary for the performance of a task carried out in the public interest. This exception only applies if there is a specific legal basis for profiling.
Poland
01.08.2017
Ministry of Digitalisation to create an administrative and a civil procedure for data subjects to pursue their rights.
Spain
27.07.2017
n/a
Sweden
17.07.2017
n/a
UK
07.08.2017
Derogation for automated decision taking to be implement (examples given are financial services related).