November

Late March, the Polish Ministry of Digital Affairs published a partial draft of the new act on data protection. This is a clear signal that the Polish government has launched preparations for the GDPR.

The draft is not a comprehensive regulation, since it only addresses certain issues as Data Protection Officer, good practices on data security, interim decisions, inspections, accreditation, financial penalties, and DPA 's guidelines. Yet, while entrepreneurs are preparing to implement changes to ensure their compliance with the GDPR, the Polish government is simultaneously seeking to adapt the current Polish legal framework.

The new draft legal provisions are in public consultation, and it is assumed that other legal acts containing specific data protection provisions might also be amended.

The Romanian government has published a "Draft Law" that will implement the mandatory provisions of the European Union's (EU) General Data Protection Regulation into local legislation.
 
Changes focus on the independence and powers of the Romanian Data Protection Authority (Romanian DPA), the procedural steps to be taken during investigations and the method of cooperation during cross-border investigations, the sanctioning of data protection legislation branches, and the procedure for complaints filed by data subjects with the Romanian DPA.

After a more than 30-year journey, Turkey has managed to put into force its data protection act, which was engaged with the Schengen-free regime conditions by European Union (EU).
 
Privacy is new to Turkey, where binding secondary laws regulating the telecommunication sector wasn 't enough to spread the privacy understanding to the other sectors.
 
It is important that data inventory, data flow life cycle and underlying logical and physical architectures are well defined. These can be implemented by clearly defining systems and applications, proper management of data classification and inventory, and overall management of the data life cycle.