According to Germany Austria also submitted an implementation law for the GDPR (and the Schengen Directive), which Data Protection Amendment Act 2018. Unlike the German DSAnpUG-EU, the Data Protection Amendment Act 2018 is limited to a concise implementation of the GDPR, more or less restricted to the minimum, which, however, has to do with the fact that sectoral provisions can be implemented later in corresponding sectoral decrees. From the explanatory notes:
While the necessary implementation of the GDPR is predominantly carried out in the new Data Protection Act (DPA), Opening clauses are only directly regulated in the new DPA to a small extent respectively, these are regulatory leeway clauses which are deliberately not regulated in the new DPA, as the GDPR already contains a basic rule which – as a general approach – should in principle also be adopted in national law (e.g. Art. 8(1) DPA with regard to the age limit for a child’s consent in relation to information society services). However, the majority of the opening clauses do not fall within the scope of general matters of data protection, therefore they are not regulated in the new DPA. However, to the extent necessary, a corresponding provision may be made in specific substantive laws (e.g., Art. 23 and 88 GDPR).
On the need to implement the GDPR in general, see Veil, Datenschutz in der Mehrebenenfalle, CRonline.