GDPR is now in force in the European Union (EU). Many clients ask us what impact GDPR has on their business in Monaco. The Principality is not a member of the EU although it has entered into specific treaties with the EU, in particular on financial matters. GDPR is out of the scope of such treaties. In principle, GDPR should not affect business in Monaco.
In fact, businesses are impacted very substantially, since any processing by an entity based in Monaco of personal data from clients residing in a UE country is potentially subject to GDPR provisions. Any cross border activity a Monegasque company may carry out on UE territory is within scope. Monaco entities offering services or products to UE clients have to comply with both Monaco data protection laws and GDPR. A new law in Monaco amending the current data protection legislation is soon expected.
This change in legislation is also required to obtain the long-awaited “adequate level” of protection for the Principality of Monaco which will facilitate data transfers from an UE controller.