Enacted on April 27, 2016, the European Regulation on general data protection (GDPR) will enter into force in all European Union members States on May 25, 2018.
It aims at unifying the rules related to the protection of personal data in the various member States by widening the rights of the data subjects and the responsibility of data controllers. The Regulation also aims and strengthening the applicable sanctions, violation of the Regulation being subject to a fine that can reach 20.000.000 € or 4 % of the worldwide annual turnover.
The scope of the Regulation will however be wider that the mere EU territory, since it is aimed at applying whenever the data controller or its subcontractor offer goods or services to persons located within the EU territory (recital 23 of GDPR) or as soon as the data treatment is associated to monitoring the behavior of people within the EU (recital 24 of GDPR).
The GDPR is therefore intended to impact on Monaco based companies, since they are offering goods and services on the territory of the EU via their website.
Monegasque companies have in any event to become familiar with the GDPR, since Monaco law n° 1.165 of 23 December 1993 on the protection of personal information is set to evolve in order to reach the level of the standards put in place through the modernization of Convention n° 108 of the Council of Europe for the protection of individuals with regard to automated data processing and its Protocol, which modernization is itself intended to align the standards developed by the Council of Europe in the field of personal data protection with those of the European Regulation on general data protection.