{"id":17542,"date":"2021-12-15T10:00:00","date_gmt":"2021-12-15T09:00:00","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/?p=17542"},"modified":"2023-11-03T11:30:27","modified_gmt":"2023-11-03T10:30:27","slug":"new-data-protection-law-in-andorra","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/new-data-protection-law-in-andorra\/","title":{"rendered":"New Data Protection Law in Andorra"},"content":{"rendered":"\n

Law 29\/2021 of 28 October on the protection of personal data was published in the Official Gazette of the Principality of Andorra on 17 November 2021. In February 2021 we talked in this blog about the implications of the GDPR in Andorra. This is a relevant question because, despite Andorra not being a member of the EU, we have already seen the GDPR applied there in some cases. Now, however, we can finally say that there is a new Data Protection Law in Andorra that repeals the current one from 2003.<\/p>\n\n\n\n

In addition to their evident alignment with the GDPR, which we will discuss later, these regulations respond to several strategic needs:<\/p>\n\n\n\n

a) Firstly, although Andorra has an EU adequacy decision (it is considered to meet European standards, even with regard to the 2003 regulations), Art. 45.3 of the GDPR provides that the European Commission may review these decisions every 4 years, which would be in May 2022.<\/p>\n\n\n\n

b) The growth of technology startups and the Andorran Government’s undoubted commitment to digital entrepreneurship mean that the country must have regulations that are very similar to, if not exactly the same as, those of potential investors. Here we must obviously include the EU Member States, as well as non-member states that are making efforts to adapt their own regulations or that already have regulations approved under the GDPR (Israel, United Kingdom, etc.).<\/p>\n\n\n\n

About Law 21\/2019 on new Data Protection Law in Andorra:<\/h2>\n\n\n\n

The new Andorran regulations are clearly inspired by the GDPR and also, in some parts, by the Spanish Law of 2018. There are, however, some interesting nuances, which we believe to be in favour of data subjects, that companies must take into account:<\/p>\n\n\n\n

First of all, it should be remembered that the regulations will apply to both controllers and processors established in Andorra, as well as to those that do not reside in the Principality but use processing resources located in Andorra. In this second case, they will have to appoint a representative, whose name must be reported to the Andorran Data Protection Agency.<\/p>\n\n\n\n

Among the similarities, the following concepts and obligations, already familiar to companies located in EU Member States, are introduced:<\/p>\n\n\n\n