This was one of the questions discussed yesterday at Privacy Laws & Business’s conference, Almost there: GDPR National Implementation. Hosted in London by Latham & Watkins LLP (L&W), the conference covered GDPR developments in Spain, Poland, France and Germany.
Gail Crawford, Partner at Latham & Watkins, London, explained that so far, only Austria, Belgium, Germany, Slovakia and Sweden have passed implementing legislation. However, Belgium still needs to supplement its ‘basic implementation’ with detailed legislation on GDPR derogations and this is likely to be after the deadline of 25 May.
According to L&W, Bulgaria, Hungary and Malta have not yet published a draft data protection bill. Other EU Member States have draft Bills or Bills in Parliament. It is expected that the UK, France, Croatia and Denmark will pass implementing laws before the GDPR deadline.
With regard to countries that will not be ready by 25 May, Crawford said: “While one would expect to be able to ignore the national laws after 25 May and comply with the GDPR, the situation is not so simple. The DPAs would only be able to enforce the national law. In some countries, DPAs do not currently have fining powers.”
Crawford also pointed out that the European Economic Area (EEA) countries’ treaty with the EU needs to be updated so that they do not become third countries when the GDPR enters into force.
Privacy Laws & Business 31st Annual International Conference, Navigating GDPR: The art of the possible, 2-4 July 2018, Cambridge, UK, will include presentations about GDPR implementation and national laws, including one from Iceland’s Data Protection Commissioner on how data protection law works in the European Economic Area and the Single Market. See www.privacylaws.com/ac