As of the next 17 May 2022, the new Data Protection Law will come into effect (Law 29/2021 of 28 October on the protection of personal data). This law will provide a new legislative framework that will affect entities, companies, associations, foundations, federations, schools, freelance professionals, medical centres, accountants, auditors, etc. All companies in the country registered in the Principality of Andorra, or constituted in accordance with Andorran laws, whether public or private, small or large, will be expected to adapt and comply with the new Law.
Its scope of application will be relevant to all business sectors with a connection to a professional or commercial activity, as well as the management of the personal data of suppliers, customers or employees.
In order to adapt to the new regulations, entities must apply a series of measures, both in the technical and organizational fields, which must be implemented at the appropriate time and in accordance with the new Law and the future Regulation. Application of the appropriate technical and organizational measures must be guaranteed and compliance with the Law and its regulations should be demonstrable.
The basic measures to be implemented are:
In order to implement the new standard, companies must carry out a Data Protection Audit that will define the actions to address, according to the type of data processed, the sector or business activity, the volume of data, the number of employees, etc.
It is important to highlight that it is a proactive Law, that is, for any data processing, it will be necessary to obtain the express consent of the affected or interested party. For this reason, consent must be demonstrable with the duly signed forms.
Companies that do not comply with this legislation can face important sanctions that can range from €500 to €100,000.
At IS21, our professionals specialized in this area offer a global response and help our clients implement the necessary measures to comply with the new legislation.