The main aim of the European General Data Protection Regulation (GDPR) is to harmonize data protection laws in all the Member States (MS) and ensure a uniform level of data protection throughout the EU.
However, the GDPR contains about 70 so-called “opening clauses” that allow MS to restrict the article to which the clause belongs. Consequently, the national legislation can provide for deviating, specifying or additional requirements, which are likely to result in discrepancies in laws between the countries.
The scope of such MS discretion, regarding the opening clauses, is usually provided in the clause itself and must always be interpreted in light of the GDPR.
The following topics are the most important ones for corporate data protection. You will find a concise resume of the applicable stipulations of the GDPR. With our data protection comparison, you can compare each provision with deviating rules in selected MS.
- Specific data protection law and official guidelines
- Substantive and territorial scope
- Legal principles
- Legal basis
- Sensitive data
- Informing requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Online data protection (new regulation by ePrivacy Regulation remains to be seen)
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller
- Records of processing activities
- Data security
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer
- Data transfer
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research