26 January 2018 Reed Smith Client Alerts

Four months until the GDPR: Which EU countries have already implemented local GDPR laws? Is there anything relevant in these laws?

Home Publikationen Four months until the GDPR: Which EU countries have already implemented local GDPR laws? Is there anything relevant in these laws?

The GDPR will eventually be in effect on May 25, 2018. The GDPR will mostly harmonize data protection law throughout the EU. However, the law will not be harmonized completely as the GDPR comprises more than 70 opening clauses leaving room for the EU Member States’ legislators to implement (stricter, less strict, or more detailed) rules. To help clients identify specifics for all Member States at one glance, Reed Smith, in cooperation with partner law firms from every EU Member State, has been compiling an overview of local GDPR implementations on various aspects of the GDPR.

In the linked document, you will find – listed by EU Member State – the current status of each Member State’s local GDPR laws, links to drafts, and a couple of highlights from each Member State. The current status of the local GDPR adjustment laws are also shown, along with links to existing provisions, and the information status.

Autoren: Andreas Splittgerber Cynthia O'Donoghue Friederike Wilde-Detmering Daniel Kadar

The GDPR’s opening clauses

January 28 is International Data Privacy Day. The purpose of the day is to raise awareness and promote privacy and data protection best practices. Although the EU General Data Protection Regulation (GDPR) is omnipresent when it comes to data protection at the moment, we take the opportunity of this particular day to highlight one of the GDPR’s issues: the opening clauses.

The GDPR intends to strengthen and unify data protection law within the EU. However, the hoped for harmonization of laws will not be achieved completely as a certain level of complexity will remain because of the so-called opening clauses. These clauses permit Member States to modify the provisions of the Article relating to the opening clause in question, thereby implementing stricter local rules than set out in the Article. The GDPR comprises more than 70 opening clauses and therefore many and varied local specifics have to be observed with regard to European data protection laws.

The opening clauses cover a wide variety of aspects relating to data protection. For example, Member States may implement local rules on important issues, such as the requirements for the designation of a data protection officer, the age of consent of children, data protection in the context of employment, and data breach notification obligations.

So far, only Germany has passed an Act to implement the GDPR, making use of the opening clauses. Many other countries have already published draft Bills, but with barely four more months to go, considerable uncertainty remains about preparations throughout the EU.

Reed Smith’s present for you

To help you and your organization obtain information on local specifics and to prepare accordingly, Reed Smith, in cooperation with partner law firms from all 28 Member States, has compiled an overview of the current status in each country and the (planned) utilization of the opening clauses. The chart shows the status of legislation in the EU Member States and is updated regularly. Over time, additional aspects covered by the opening clauses will be added, providing further information on the most important local specifics in each EU Member State.

We, Reed Smith, and all our partner law firms are happy to help you and your organizations with questions relating to the GDPR and local implementation. Contact details for every jurisdiction are listed in this full chart. Click here to view the current status of the local GDPR adjustment laws, links to existing provisions, and the information status.

Client Alert 2018-027