GDPR Compliance Deadline: 25 May 2018

Obligations due by this deadline

For all in-scope entities

• Art 51 — Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to this Chapter, by 25 May 2018.
• Art 84 — Each Member State shall notify the Commission of the provisions of its law adopted pursuant to paragraph 1 by 25 May 2018.
• Art 90 — Member States shall notify the Commission of the rules adopted pursuant to paragraph 1 by 25 May 2018 and any subsequent amendments without delay.
• Art 83 — Notify the Commission of the provisions of their laws adopted pursuant to paragraph 9 by 25 May 2018.

For recruitment and HR

• Art 88 — Each Member State shall notify the Commission of the provisions of its law adopted pursuant to paragraph 1 by 25 May 2018.

Checklist — what you need to have done

• Art 51: notify

What should already be in place — audit framing

25 May 2018 is 2928 days behind us. The obligations on this page have been in force since then; treat any gap as an audit finding, not a planning question. The expected baseline under GDPR:

• data-protection impact assessment (DPIA) for novel processing — should be done already
• records of processing activities update — should be done already
• controller / processor contract revision — should be done already

If any of these are missing, the right next step is a gap assessment plus a documented remediation plan — not a re-design of the underlying programme.

Related Fontvera pages

• gdpr article 58 supervisory authority
• gdpr obligations recruitment hr
• gdpr vs ai act
• gdpr vs nis2

Check your full compliance exposure with the 5-minute Fontvera diagnostic →