European GDPR variations

Track: GDPR
When: Tue DS-3
Participants Fernanda Almeida Fernanda Almeida , Mario Platt Mario Platt , Simon Pavillon Simon Pavillon , Vasil Buraliev Vasil Buraliev , Vijay Nair Vijay Nair
Remote Participants Germinal Orcil Germinal Orcil , Lubo Vikev Lubo Vikev , Lucio V. Aguiar Lucio V. Aguiar , Ryan Farmer Ryan Farmer

Within GRPR members there are already legal variations with national laws.


Complex structural changes mean a complete overhaul to anything remotely related to data in all companies and organisations.


Personal data All data from Austria and Switzerland should be handled according to GDPR standards. Austrian continues a national tradition of extending data protection rights to legal persons (such as corporations and nonprofit foundations) in addition to individuals. Switzerland’s data protection law currently being revised to align with the GDPR, also applies to legal as well as natural persons.

Children’s provisions will vary by country GDPR Article 8 is a new requirement for parental consent to process information about children under the age of 16. Parental consent varies per countries and some for a lower age. Age 13: Czech Rep., Denmark, Finland (the Ministry of Justice recommends either 13 or 15), Ireland, Latvia, Poland, Spain, Sweden and UK. Age 14: Austria Age 15: Greece

Processing IDs Each countries can determine the specific conditions for the processing of national identifications.

Representatives Article 27 requires a controller or processor without an establishment in the EU to appoint a local “representative” (similar to a corporate agent for service of process, which is different from the obligation to appoint a DPO under Art. 37, who might or might not be located in the EU). The GDPR does not state that this as a national option, but the UK Data Protection Bill excludes this requirement.

DPO Germany requires a DPO if the company employs at least 10 people who regularly work with the automated processing of personal data, or if the company must prepare a data protection impact assessment (DPIA), or if it commercially processes personal data for third parties or for market research or opinion research.

Consumer credit The German GDPR implementation statute includes specific provisions regulating consumer credit reports and scores. This area is not expressly addressed in the GDPR from Brussels.


Work closely with your compliance department and stay in touch with your national GDPR authority the ICO for the UK.


Register as participant

To register as participant add European GDPR variations to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions