The EU’s incoming General Data Protection Regulation is, as the name makes clear, a regulation. Unlike an EU directive, it applies across all member states without the need for each country to transpose it into national law.
However, each member state does still need to update its national data protection law in order to align it with the GDPR and to flesh out certain elements of the regulation for that country’s domestic context. Unfortunately, only five of the 28 member states (Germany, Belgium, Poland, Austria, and Slovakia) have so far passed their GDPR implementation acts. And the GDPR will take effect in a month’s time.