abstract modern architecture with overlay

Since 25 May 2018, the EU General Data Protection Regulation (GDPR) applies directly in all EU Member States. The GDPR contains 50+ so-called opening clauses allowing EU Member States to put national data protection laws in place to supplement the GDPR.

In order to help businesses to analyze and understand those national data protection laws, Baker McKenzie’s GDPR National Legislation Survey provides an overview of the current legislative activities in terms of national data protection laws in the 28 EU Member States and highlights the variations amongst the EU Member States. We are pleased to make available the 5th edition of this continuously updated survey.

New Updates

As of January 2019, 23 out of 28 European Member States have adopted national data protection laws supplementing the GDPR. This update focuses on the following opening clauses:

  1. Article 8 GDPR (age for minor consent)
  2. Article 10 GDPR (processing of data relating to criminal convictions and offences especially in the employment relationship, e.g., background checks, whistleblowing hotlines, internal investigations)
  3. Article 23 GDPR (relevant restrictions on data subject rights)
  4. Article 37(4) GDPR (additional thresholds requiring the appointment of a DPO)
  5. Article 49 (5) GDPR (restrictions on the transfer of sensitive data to third countries without adequacy decision)
  6. Article 87 GDPR (specific rules for the processing of national ID)
  7. Any requirements for notifications with /authorizations by the national data protection authority

This update highlights the importance of understanding not only the GDPR but also the national data protection laws due to the fragmentation resulting from the various national law provisions building on the opening clauses.