On December 13, 2024, Law no. 1.565 regarding the protection of personal data was published in the Journal de Monaco, replacing Law no. 1.165 of December 23, 1993.
The aim of this law is to establish Monaco as a country with an equivalent level of protection to the European Union.
Who is concerned?
This law applies to all professionals (data controllers) who process personal data, whether fully or partially automated or non-automated, for inclusion in files (whether computerized or not).
If you have carried out declarations regarding data processing with the CCIN and continue to operate the data after the law comes into force, you have one year to comply with the new law.
Otherwise, the law applies immediately.
The main new features of this law:
This law impacts the Principality’s controls on personal data protection, as well as your internal obligations. These changes include:
- The creation of the Autorité de Protection des Données Personnelles (APDP), replacing the CCIN. It now has the power to impose sanctions.
- The emergence and reinforcement of the rights of data subjects;
- The disappearance of prior declarations with the CCIN;
- The obligation for most establishments to draw up and keep an internal data processing register;
- The obligation to notify the APDP of any personal data breach;
- The obligation to implement technical and organizational measures to ensure the compliance of your processing operations and subcontractors;
- The inclusion of the main guiding principles of the European regulation (GDPR);
- The strengthening of criminal sanctions and the creation of administrative sanctions (operational and financial).
Our Data Privacy team is at your disposal to support you in carrying out an impact analysis linked to this law, as well as in bringing your business into compliance. We are at your disposal to answer all your questions and guide you every step of the way.
Here is the publication of the law in the Journal Officiel de Monaco :
