On January 25, 2015, the European Commission released a statement with an update about the effects of the adoption of Regulation 2016/679/EU (GDPR). See: Joint Statement by First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel ahead of Data Protection Day
Since its entry into force on May 25, 2018, “citizens have become more conscious of the importance of data protection and of their rights. And they are now exercising these rights, as national Data Protection Authorities see in their daily work. They have by now received more than 95,000 complaints from citizens.”
So far, 24 member states transposed the GDPR into national law while three (Greece, Portugal, and Slovenia) are still in the process of doing so.
Below a list of the harmonization laws enacted by each EU member state.
Austria: the Datenschutz-Anpassungsgesetz 2018, the “Datenschutzgesetz“.
Belgium: Framework Act (Dutch) Framework Act (French), DPA Act (Dutch), DPA Act (French)
Bulgaria: Law on Amending and Supplementing the Law on Personal Data Protection (LASLPDP)
Croatia: Zakona O Provedbi Opće Uredbe O Zaštiti Podataka, the Act on Implementation of the General Data Protection Regulation (Official Gazette no. 42/2018)
Cyprus: Law n 125(I)/2018
Czech Republic: o zpracování osobních údajů, Bill on the Processing of Personal Data and the Bill amending certain laws in connection with the adoption of the law on the processing of personal data .
Denmark: Lov om supplerende bestemmelser til forordning om beskyttelse af fysiske personer i forbindelse med behandling af personoplysninger og om fri udveksling af sådanne oplysninger, Data Protection Act
Estonia: Isikuandmete kaitse seadus, Personal Data Protection Act
Finland: Tietosuojalaki (1050/2018)
France: LOI n° 2018-493 du 20 juin 2018 relative à la protection des données personnelles
Germany: Federal Data Protection Act, BDSG
Greece: Law 2472/1997, implementing Directive 95/46/EC
Hungary: Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the Data Protection Act
Ireland: Data Protection Act 2018
Italy: Decreto legge n. 101/2018
Latvia: Fizisko personu datu apstrādes likums, Personal Data Processing Law
Lithuania: Lietuvos Respublikos asmens duomenų teisinės apsaugos įstatymas, Law on Legal Protection of Personal Data of the Republic of Lithuania
Luxembourg: Loi du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et mise en oeuvre du règlement (UE) 2016/679 du Parlement européen et du Conseil du 27 avril 2016 relatif à la protection des personnes physiques à l’égard du traitement des données à caractère personnel et à la libre circulation de ces données, et abrogeant la directive 95/46/CE (règlement général sur la protection des données), portant modification du Code du travail et de la loi modifiée du 25 mars 2015 fixant le régime des traitements et les conditions et modalités d’avancement des fonctionnaires de l’État, Luxembourg Law
Malta: Data Protection Act 2018 (Chapter 586 of the Laws of Malta)
Netherlands: UAVG
Poland: o ochronie danych osobowych, New Data Protection Act
Portugal Act 67/98 of 26 October, Act on the Protection of Personal Data (transposing into the Portuguese legal system Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
Romania: Law no. 190/2018
Slovakia: o ochrane osobných údajov a o zmene a doplnení niektorých zákonov, 18/2018 Z. z.
Slovenia: Zakon o varstvu osebnih podatkov, UL RS No. 86/2004 et seq, (ZVOP-1), Slovenian Personal Data Protection Act
Spain: Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, Data Protection and Digital Rights Act 3/2018
Sweden: Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, Law (2018: 218) with supplementary provisions to the EU data protection regulation
For other data privacy resources
For more information on how EU privacy may impact your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli
Updated on March 2019