Most EU Member States have adapted their national data protection laws to the GDPR by now. As an EU Regulation, the GDPR applies directly in every Member State so that national transposition laws are no longer necessary. The GDPR contains numerous provisions, however, that may be filled by the Member States. Key examples include employee data protection, data transfer to third countries, and company data protection officers.
A large number of Member States already adapted their national data protection laws so that they entered into force at the same time as the GDPR on May 25, 2018 while others followed suit later. At the current time, only Bulgaria, the Czech Republic, Estonia, Finland, Greece, Portugal, and Slovenia remain without data protection laws that are in line with the GDPR.
Although as an EU Regulation the GDPR is directly applicable to EU citizens, in most EU Member States data protection is not exclusively governed by the GDPR. National legislation also continues to apply to data protection matters in those Member States.