Privacy Law at Andorra

09 Apr 2025 --
0 Comments

Andorra's Qualified Personal Data Protection Law (LQPD), officially known as Llei 29/2021, del 28 d’octubre, qualificada de protecció de dades personals, was enacted on October 28, 2021, and came into force on May 17, 2022. This legislation aligns Andorra's data protection framework with the European Union's General Data Protection Regulation (GDPR), replacing the previous 2003 law

📌 Key Provisions of the LQPD

1. Scope and Applicability The LQPD applies to all entities, both public and private, that process personal data of individuals residing in Andorra It also extends to organizations outside Andorra if they process data within the country, provided they appoint a representative in Andorra for compliance purpose

2. Personal Data DefinitionPersonal data encompasses any information related to an identified or identifiable individualSensitive personal data, such as health information, biometric data, and data revealing racial or ethnic origin, are subject to stricter processing conditions and are generally prohibited unless specific conditions are me

3. Legal Bases for Data Processing Data processing is lawful only if at least one of the following conditions is met

4. Rights of Data Subjects Individuals have the right to

O)**Public authorities and certain private entities are required to appoint a Data Protection Officer The DPO's responsibilities include advising on compliance, monitoring data protection activities, and acting as a contact point for data subjects and the Andorran Data Protection Agency (APDA

6. Data Protection Impact Assessment (DPIA)Before engaging in high-risk data processing activities, organizations must conduct a DPIA to assess the impact on data subjects' rights and freedoms and implement measures to mitigate identified risk

7. Breach Notification Data controllers must notify the APDA of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals If the breach is likely to result in high risk, affected individuals must also be informed without undue dela

8. Sanctions Violations of the LQPD can result in administrative fines

🏛️ Enforcement Authorit

The Andorran Data Protection Agency (APDA) is responsible for overseeing compliance with the LQPD, including maintaining records, conducting inspections, investigating violations, and issuing sanctios

✅ Summary

Andorra's LQPD establishes a comprehensive data protection framework that aligns with EU standards, enhancing individuals' privacy rights and imposing obligations on organizations to ensure the lawful and secure processing of personal dat.