The clock is ticking on the European Union’s new privacy law, the General Data Protection Regulation (GDPR). We’re less than one year away from when the GDPR comes into force, May 25, 2018. This new regulation imposes sweeping privacy protection requirements on any entities that oversee personal data operations or process personal data in the EU. This has the potential to impact companies on an international scale. The new requirements come hand-in-hand with a set of stiff penalties for non-compliance, including punishing fines that can soar to € 20 million or 4% of a company’s annual gross revenue.

Our GDPR Tracker lets you follow regulation updates with ease. We’ve done the research, and we’re keeping you up-to-date on national legislation passed by member states in compliance with the GDPR. We’ll update this page weekly as more information becomes available. If you’d like to schedule a consultation to discuss how the changes will affect your business, feel free to contact us.

 

EU MemberCurrent StatusName of Proposed/Passed LegislationLast Updated
Austria4. Law PassedEnglish: Federal Act amending the Data Protection Act 2000 (Data Protection Amendment Act 2018)

German : Bundesgesetz, mit dem das Datenschutzgesetz 2000 geändert wird (Datenschutz-Anpassungsgesetz 2018)
January 29, 2018
Belgium3. Draft PendingEnglish: Bill Establishing the Data Protection Authority

French: Projet de loi portant création de l'Autorité the protection des données
January 24, 2018
Bulgaria2. In CommitteeJanuary 24, 2018
Croatia1. No Published Legislative ActivityJanuary 24, 2018
Cyprus1. No Published Legislative ActivityJanuary 24, 2018
Czech Republic3. Draft PendingEnglish: Draft Law on the Processing of Personal Data

Czech: Návrh zákona o zpracování osobních údajů
January 24, 2018
Denmark3. Draft PendingEnglish: Act on supplementary provisions for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Act)

Danish: Lov om supplerende bestemmelser til forordning om beskyttelse af fysiske personer i forbindelse med behandling af personoplysninger og om fri udveksling af sådanne oplysninger (databeskyttelsesloven)
January 24, 2018
Estonia3. Draft PendingEnglish: Personal Data Protection Act

Estonian: Isikuandmete kaitse seadus
January 24, 2018
Finland2. In CommitteeJanuary 24, 2018
France3. Draft PendingEnglish: Bill on the protection of personal data (JUSC1732261L)

French: Projet de loi relatif à la protection des données personnelles (JUSC1732261L)
January 24, 2018
Germany4. Law PassedEnglish: The Federal Data Protection Act (BDSG)

German: Das Bundesdatenschutzgesetz (BDSG)
January 24, 2018
Greece1. No Published Legislative ActivityJanuary 24, 2018
Hungary3. Draft PendingAct CXII of 2011 on Informational Self-Determination and Freedom of Information ("Privacy Act")January 24, 2018
Ireland3. Draft PendingData Protection Act 2017January 24, 2018
Italy2. In CommitteeJanuary 24, 2018
Latvia3. Draft PendingEnglish: Personal Data Processing Law

Latvian: Personas datu apstrādes likums
January 24, 2018
Lithuania3. Draft PendingEnglish: THE REPUBLIC OF LITHUANIA PERSONAL DATA LEGAL PROTECTION LAW

Lithuanin: LIETUVOS RESPUBLIKOS ASMENS DUOMENŲ TEISINĖS APSAUGOS ĮSTATYMAS
January 24, 2018
Luxembourg3. Draft PendingEnglish: Draft law establishing the National Commission for Data Protection and the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to treatment personal data and the free movement of these data, amending the law of 25 March 2015 setting the salary and conditions and conditions for the advancement of public servants and repealing the amended law of 2 August 2002 on the protection of individuals with regard to the processing of personal data

French: Projet de loi portant création de la Commission nationale pour la protection des données et la mise en oeuvre du règlement (UE) 2016/679 du Parlement européen et du Conseil du 27 avril 2016 relatif à la protection des personnes physiques à i'égard du traitement des données à caractère personnel et à la libre circulation de ces données, portant modification de la loi du 25 mars 2015 fixant le régime des traitements et les conditions et modalités d'avancement des fonctionnaires de l'Etat et abrogeant la loi modifiée du 2 août 2002 relative à la protection des personnes à l'égard du traitement des données à caractère personnel
January 24, 2018
Malta1. No Published Legislative ActivityJanuary 24, 2018
Netherlands3. Draft PendingEnglish: Act Implementation the General Data Protection Regulation

Dutch: Uitvoeringswet Algemene verordening gegevensbescherming
January 24, 2018
Poland3. Draft PendingEnglish: Personally Identifiable Information Protection Act

Polish: Ustawa o ochronie danych osobowych
January 24, 2018
Portugal2. In CommitteeJanuary 24, 2018
Romania3. Draft PendingEnglish: The Draft Law for amending and completing the Law no. 102/2005 on the establishment, organization and functioning of the National Supervisory Authority for Personal Data Processing, as well as for repealing the Law no. 677/2001 on the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of such Data, initiated by the Ministry of Internal Affairs and the National Supervisory Authority for Personal Data Processing, is subject to public debate according to Law no. 52/2003 on decisional transparency

Romanian: Proiectul de Lege pentru modificarea şi completarea Legii nr. 102/2005 privind înfiinţarea, organizarea şi funcţionarea Autorităţii Naţionale de Supraveghere a Prelucrării Datelor cu Caracter Personal, precum și pentru abrogarea Legii nr. 677/2001 pentru protecţia persoanelor cu privire la prelucrarea datelor cu caracter personal şi libera circulaţie a acestor date, inițiat de Ministerul Afacerilor Interne și Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal, este supus dezbaterii publice în conformitate cu Legea nr. 52/2003 privind transparența decizională
January 24, 2018
Slovakia3. Draft PendingEnglish: LP / 2017/453 Act on the Protection of Personal Data and on Amendments to Certain Acts

Slovakian: LP/2017/453 Zákon o ochrane osobných údajov a o zmene a doplnení niektorých zákonov
January 24, 2018
Slovenia3. Draft PendingEnglish: DRAFT LAW ON PROTECTION OF PERSONAL DATA

Slovenian: OSNUTEK ZAKONA O VARSTVU OSEBNIH PODATKOV (ZVOP-2)
January 29, 2018
Spain3. Draft PendingEnglish: Draft Organic Law for the Protection of Personal Data

Spanish: Proyecto de Ley Orgánica de Protección de Datos de Carácter Personal
January 24, 2018
Sweden3. Draft PendingEnglish: New Data Protection Laws

Swedish: Ny Dataskyddslag
January 29, 2018
United Kingdom3. Draft PendingData Protection BillJanuary 24, 2018

 

The looming deadline might cause understandable anxiety for those responsible for implementing it. Although the requirements seem daunting, you can adopt an incremental approach to compliance that begins with taking concrete steps today. The result will be significant progress to help you advance along the path to achieving compliance and minimizing the risk of sanctions or penalties. Readying your company for compliance with the GDPR is a significant undertaking that requires substantial time and resources. But while the time remaining for preparation is dwindling, it is still not too late.