GDPR: State given an extra 17 months more than the private sector.

Legislation passed on 20th March stipulates an October 2019 deadline.

Unlike the private sector, which must ensure compliance with the new General Data Protection Regulation from 25th May this year, the public administration and state-run businesses will have until October 2019 to get everything in order.

According to the legislation passed on March 29th, the deadline has been extended for the tax authorities, courts and information networks and services used by schools and hospitals, etc.

“It is absolutely essential to set out technical guidance for the public administration, with recommendations for state enterprises, on the architecture of security on information networks and systems and procedures to be adopted to be compliant with the GDPR,” writes the government in the document.

The EU has given member states the chance to keep or approve national provisions that allow greater flexibility with regard to the Regulation.

In this way, the government aims to avoid the fines for non-compliance with the GDPR, since it considers that it was designed with multinationals in mind and not public administrations which, in its view, do not use personal data for business purposes. For that reason, despite the GDPR coming into force this May, it will only be a major concern for the public sector in 2019.