GDPR Local Implementation

Last updated: May 22, 2020

While the GDPR is pan-European in scope, individual EU Member States have latitude to add or modify provisions to fit their local data protection needs, provided that the implementing acts adhere to the general principles laid out in the GDPR. Our team is closely monitoring all developments related to local implementation, and updating the map below accordingly. Click through the map, or country list below, to access the text of the implementing acts or draft bills.


GDPR Countries Germany Ireland Austria Netherlands Poland Lithuania Estonia Norway Sweden Spain Luxembourg United Kingdom Switzerland Romania Belgium Denmark Hungary Latvia Slovakia Slovenia France Croatia Bulgaria Greece Italy Portugal Finland Iceland Cyprus


Austria (German; Bill enacted)

Belgium (French; Bill enacted to create DPA under GDPR)

Bulgaria (Bulgarian; Bill enacted)

Croatia (Croatian; Bill enacted)

Cyprus (Greek; Bill enacted)

Czech Republic (Czech; Bill enacted)

Denmark (Danish; Bill enacted)

Estonia (Estonian; Bill enacted)

Finland (Finish; Bill enacted)

France (French; Bill enacted)

Germany (German; Bill enacted)

Greece (Greek, Bill enacted)

Hungary (Hungarian; Bill enacted)

Iceland (Icelandic; Bill enacted)

Ireland (English; Bill enacted)

Italy (Italian, Bill enacted)

Latvia (Latvian; Bill enacted)

Liechtenstein (No draft bill yet)

Lithuania (Lithuanian; Bill enacted)

Luxembourg (French; Bill enacted)

Malta (English, Bill enacted)

Netherlands (Dutch; Bill enacted)

Norway (Norwegian; Bill enacted)

Poland (Polish; Bill enacted)

Portugal (Portuguese, Bill enacted)

Romania (Romanian; Bill enacted to create DPA under GDPR)

Romania (Romanian; Bill enacted to implement the GDPR)

Slovakia (Slovak; Bill enacted)

Slovenia (Slovenian; Draft bill available)

Spain (Spanish; Bill enacted)

Sweden (Swedish; Bill enacted)

Switzerland (French; Draft bill available - partial implementation)

United Kingdom (English; Bill enacted)



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.