Since 2018, we were waiting for a “Monaco GDPR” and here we are !
A new data protection bill was presented on 20 December 2021 to the Monaco Parliament (Conseil national). The objective is to harmonize Monaco law with the European GDPR in order to place Monaco as a jurisdiction with an “adequate level of protection” for privacy purposes. This is good news for Monaco companies as it will facilitate data transfers with EU counterparts and/or service providers.
So what’s new ? One of the most significant changes will be the suppression of the current notifications or authorizations requirements to/from the Monaco Data Protection Authority – which will change its name from CCIN (Commission de Contrôle des Informations Nominatives) to APDP (Autorité de Protection des Données Personnelles). Such requirements will be replaced by an accountability system with greater power of control and sanction from the Monaco Data Protection Authority.
Sanctions will also be inserted in the Monaco Criminal Code going up to one-year imprisonment and 90,000 euros fines for non-compliant Monaco data processors. Because the effectiveness of sanctions is a criterion for evaluation by the European Commission, there is no doubt that the Monaco Data Protection Authority will carry out more frequent controls and ensure that sanctions are applied.
The bill also includes a new right to compensation against the processor and/or controller for any damages suffered as a result of data protection infringements. In a world where data privacy is an increasing concern, it is likely that the level of complaints will raise.
The bill has yet to be discussed, debated and voted by the Monaco Parliament. It is now only at the beginning of its legislative process. This timeline offers Monaco entities an extra time to prepare and put their organization in compliance pending the implementation of the new Law.
DL Corporate & Regulatory has a well recognized expertise on data protection matters and will be pleased to help you anticipate your compliance with this new Data Protection Law softly and efficiently. You can contact our certified Data Protection Officer (DPO), Ambre Bernat, at the following address : firstname.lastname@example.org so that you can be ready for the next steps to come !