Today the IAPP releases a new tool that has been months in the making. The "EU Member State GDPR Derogation Implementation Tracker" looks at specific provisions in the EU General Data Protection Regulation whereby member states are required to, or may, create rules specific to that country — commonly referred to as derogations — and offers information on how each member state has addressed them in national law. You can then either read the English-language summary of the derogation or click on a link to dive deeper into the text itself, although many times the implementation bill will be in the member state's national language.
The idea behind the chart is to offer IAPP members the ability to compare the rules for each EU member state, derogation by derogation. For example, Article 8 of the GDPR allows member states to set the age of consent within that country to somewhere between 13 and 16 years of age. If you plan to offer services to children in the EU, it will be important for you to know which member state says 13 and which says 16 (or 14 or 15) so you will know how to write your policies and build your systems.
At this point, most EU member states have passed laws implementing the GDPR, though not all, and thus have determined how they will implement the derogations. As with many of our tools in the Resource Center, expect that this will get better with age. We will include more analysis for the current laws, and as laws are passed the chart will grow to include those laws.
Best of all, this new tool is a community effort. The "EU Member State GDPR Derogation Implementation Tracker" has been created with the help of 21 contributors from 16 EU countries, a number that will surely grow as more laws are passed. I've been in many conversations lately about what makes the IAPP positioned to do things that no one else can do. Each time the conversation comes back to our members. We have the widest network of privacy professionals of any organization, and that is without question our greatest asset. This new tool is a perfect example of how the IAPP membership works to benefit the privacy community as a whole.