Approach to implementation

Overview

Country
Last reviewed
Approach to implementation 
e.g amendments to existing law, total repeal of old laws
Belgium 28.07.2017 n/a
Czech Republic 29.06.2017 n/a
Denmark 29.06.2017 n/a
Finland 02.08.2017 The new Data Protection Act will abrogate the current Personal Data Act. It is still unclear how the GDPR will affect several hundred currently applicable special laws on data protection.
France 29.06.2017 n/a 
Germany 07.08.2017 GDPR is treated like a Directive. Almost all opening clauses are used. GDPR-regulated areas are combined with out-of-scope-areas such as law enforcement and national security.
Hungary  16.10.2017 According to the published draft bill the InfoAct is going to remain in force but its scope will be limited to data processing activities which are not within the scope of the GDPR. As far activities covered by the GDPR are concerned, only certain provisions of the InfoAct will be applicable. These provisions will be listed in Article 2 of the InfoAct (in its amended form).
Ireland  12.09.2017  Data Protection Bill to cover GDPR and the Law Enforcement Directive.

Data Protection Acts 1988 and 2003 (the “DPA”) to be largely superseded. It has yet to be decided whether certain parts of the DPA will be retained, or whether they will be repealed and replaced in their entirety by the Data Protection Bill.

Exemptions from GDPR to be contained in the Data Protection Bill and in secondary legislation to be adopted under the Data Protection Bill. No details are provided as to what exemptions are likely to be made via such secondary legislation.
Italy 28.06.2017 n/a
Netherlands 28.06.2017 GDPR Execution Act to repeal the current Dutch Data Protection Act.
Poland 01.08.2017 Current Data Protection Law will be repealed and replaced by new legislation. GIODO will be replaced by a new DP authority.
Spain 27.07.2017 Organic Law 15/1999 to be repealed and replaced by new Data Protection Act.
Sweden 17.07.2017 n/a
UK 07.08.2017 DPA '98 to be repealed. One Act to be implemented covering GDPR (i.e sections where UK must or can introduce domestic legislation for particular situations) and the Law Enforcement Directive. Where possible, derogations, or special rules under the DPA 1998 (for example, special conditions allowing the processing of sensitive personal data) will be carried forward into this new Bill. The new Bill will, therefore, aim to ensure continuity with the current UK regime in key areas, where permitted by GDPR and the LE Directive.