Beyond the GDPR: Current News in Regional Legislation

Written by Nymity
on November 23, 2017

If your organisation is preparing to address GDPR compliance, you will also need to stay informed about the supporting legislation being developed separately in different countries across the EU. Though the GDPR is a sweeping piece of legislation, all EU Member States have to produce new policies or update their existing ones to align with the GDPR.

Germany and Austria have already completed their legislative process, and many other countries have by now published their draft GDPR legislation. Today, we are going to look at the three most-read articles concerning the GDPR, according to the statistics from our online tool, Nymity Research™, as they pertain to existing and new supporting legislation on a regional basis.

1. UK Introduces the Data Protection Act 2017
What you need to know:
The Data Protection Act 2017 was introduced in order to align the Data Protection Act 1998 (DPA) with the GDPR. Personal data in the UK will be subject to the GDPR, with the Act preserving existing tailored exemptions in the current DPA. The bill clarifies obligations for legal processing by controllers, including automated processing, defines the powers of the Information Commissioner, and establishes infringement penalties that are in line with the GDPR.

At the same time, the bill prepares the UK data protection legislation for the time after the Brexit negotiations have been completed. The UK has indicated it intends to obtain a so-called adequacy decision, to ensure personal data can continue to flow between the country and the EU. Full details of the bill may be found here:

2. CNIL Reminds Processors of Substantial Obligations
What you need to know:
The French Data Protection Authority, CNIL, released guidance for data processors pursuant to the GDPR. The guidelines state that a Processor must consider whether it must appoint a DPO, analyze and review new and existing contracts (including clauses mandated by the GDPR as of May 25, 2018), develop a processing registry (both for its own processing and that which it conducts on behalf of its client, the controller), ensure it assists a client with a Data Protection Impact Assessment, and notify a client of any data breach.

Full details may be found in the following Press Release issued by the CNIL (in French):

3. Luxembourg Proposes Complementary Bill
What you need to know:
Luxembourg’s new Bill No. 7184 provides several exemptions for the processing of personal data for certain purposes, making use of provisions of the GDPR allowing limited national derogations. These purposes include journalism, university research, art or literature, and statistics or scientific or historical research (which requires a data protection impact assessment and the designation of a DPO). Sensitive data (including health data) may be processed by and transferred to medical bodies, insurance companies, and pension funds.

Criminal sanctions will be applied for any intentional obstruction of the DPA. Bill No. 7184 is meant to repeal and replace current law protecting individual data subjects, while being applied in parallel to the GDPR. For more information, click the following link:

Nymity Research™
Nymity Research™ gives access to a broad database of research-based insight, reporting on up-to-the-minute developments in privacy legislation around the world. All of the information we’ve discussed today has been pulled from our monthly trending report, entitled “EU General Data Protection Regulation”.

Along with the ability to pull such reports, Nymity Research™ breaks down the information even further into the specific activities affected by each new piece of legislation, and provides supporting documentation to assist in addressing and satisfying new regional requirements. Readers can also search by keyword, targeting all news and reports that may affect a desired topic.
