Cybersecurity and Personal data protection
Cybersecurity
On 9 June 2022, the General Council approved Law 22/2022 on measures for the security of networks and information systems. Andorra’s geopolitical situation, the growing dependence of the economy on national and cross-border information systems and networks, and the potential synergies in the prevention of threats and the challenges posed by cyber-incidents have led to the need to adopt the European legislation contained in Directive (EU) 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. The law also takes into consideration the European Commission’s Proposal COM (2020) 823 final on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148.
Personal data protection (European GDPR regulation)
On 28 October, the General Council approved Law 29/2021 on the protection of personal data with the aim of adopting the new provisions established in this matter by European Regulation 2016/679 (General Data Protection Regulation, “GDPR”) and Directive (EU) 2016/680.
In the context of the new challenges posed by unstoppable technological progress and globalisation, the Andorran legislator has updated the country’s data processing regulations, which both individuals and private and government organisations are required to implement when processing data relating to individuals.