The main aim of the European General Data Protection Regulation (GDPR) is to harmonize data protection laws in all the Member States (MS) and ensure a uniform level of data protection throughout the EU.
However, the GDPR contains about 70 so-called ‘opening clauses’, that allow MS to restrict the article to which the clause belongs. Consequently, the national legislation can provide for deviating, specific or additional requirements, which are likely to result in discrepancies in laws between the countries.
The scope of such MS discretion regarding the opening clauses is usually provided in the clause itself and it must be always interpreted in the light of the GDPR.
The following topics are the most important ones for corporate data protection. You will find a concise resume of the applicable stipulations of the GDPR. With our data protection comparison you can compare each provision with deviating rules in selected MS.
- Specific data protection law and official guidelines
- Material and territorial scope
- Legal principles
- Legal basis
- Sensitive data
- Information requirements
- Online data protection
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller
- Records of processing activities
- Data security
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer
- Data transfer
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research