this kinda depends. I'm not 100% sure what kind of "law" the GDPR, but if it's a directive (which I think it is?), then each member state must implement a law that satisfies the GDPR requirements. Member states may chose to pass stricter laws than the GDPR technically requires, which could make something illegal in one EU country but not all the others.
Also, enforcement may be very inconsistent, since it is mostly left to each member state to handle.
EDIT: NVM, GDPR is a Regulation, not a Directive, so it's automatically law everywhere in Europe.
Also, enforcement may be very inconsistent, since it is mostly left to each member state to handle.
EDIT: NVM, GDPR is a Regulation, not a Directive, so it's automatically law everywhere in Europe.