Our Monaco Representative Services
under Law no. 1.565 of December 3, 2024 on the Protection of Personal Data
We provide a full range of high-quality Data Representation Services.
Do you need to Appoint a Data Protection Representative under Monaco’s Personal Data Protection Law?
- Your company is based outside the Principality of Monaco and doesn't have an establishment there
- Your company offers goods or services to individuals in the Principality of Monaco and/or you monitor their behavior (such as tracking, profiling, etc.)
Still not sure if you need to appoint a Data Protection Representative?
Discover the Representative Services provided by EDPO under Monaco’s Personal Data Protection Law
At EDPO, we are deeply committed to client service. We take the time to understand your company’s unique needs and expectations to provide you with personalized Representative Services in the context of Article 25 of Monaco’s Personal Data Protection Law.
Data Protection Representation services under Monaco’s Personal Data Protection Law
We act in on your behalf in Monaco for the purpose of Monaco’s Law no. 1.565 of December 3, 2024 on the Protection of Personal Data. The Monaco Personal Data Protection Law allows the designated Representative to be established either in Monaco or in a Member State of the European Union. EDPO is established in Brussels, Belgium, which is a Member State of the European Union. We also have offices throughout Europe to support you as closely as possible as your Monaco Representative.
Data Subject Access Requests (DSARs)
We handle an unlimited number of DSARs. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation, if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, a free translation, if needed), unless you choose to answer yourself. We do more than simply act as a mailbox or message forwarding service.
Requests from the Data Protection Authority
We handle an unlimited number of requests from the Data Protection Authority (APDP). We understand that it can be quite daunting for companies to be contacted by a data protection authority. That’s why our team handles such requests with great care and diligence (including free translation if needed).
Data Breach Notification Support
We assist you in handling an unlimited number of data breach notifications in Monaco. We understand that the process can sometimes be very challenging, especially given the strict 72-hour deadline to notify the data breach.
IMPORTANT NOTICE IN CASE OF DATA BREACH: Our contract will not automatically terminate in the event that you experience a data breach. We provide continuous support throughout the entire process.
Compliance Certificate
We provide you with a Compliance Certificate based on blockchain technology through a unique high-level encryption / decryption process which can be used on your website and on your company material. Check our compliance page to see what it looks like!
Top-level Security with ISO 27001 Certification
We are proud to be ISO 27001 certified. This is the latest, highest and most comprehensive in-depth security certification. It demonstrates our commitment to information security and confirms that we implemented industry-leading security practices to protect our clients’ data.
Dedicated Client Support
We answer all your questions about our services and keep you updated with a weekly newsletter. Our experts are at your disposal to assist you beyond local office hours, accommodating your international time zone.
Translation
We provide you with a free English translation of all requests from data subjects and the data protection authority as well as a free English-to-original language reply.
Privacy Policy / Documentation wording
We provide the wording to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your Data Protection Representative under Monaco’s Personal Data Protection Law, including EDPO’s contact details and logo.
EDPO
Just Stands Out
Partner and Head of the European Cyber/Data/Privacy practice of a top-tier American international law firm
What should you look for in a Monaco Data Protection Representative?
Here is our checklist for the appointment of your Data Protection Representative
What services are included? Are there any extra (hidden) costs?- What languages are covered? Is translation included in the fees?
- Who is the team? What are their qualifications and experience?
- Does the Data Protection Representative provide data breach notification support?
- What services are included? Are there any extra (hidden) costs?
- What languages are covered? Is translation included in the fees?
- Who is the team? What are their qualifications and experience?
- Does the Data Protection Representative provide data breach
notification support?
We cover the world. We cover all industries.
You'll find below a non-exhaustive list of industries that already work with us.
Frequently Asked Questions
How does the Representative under Monaco’s Personal Data Protection Law assist companies located outside Monaco?
The main task of the Data Protection Representative is to act as a point of contact for the data protection authority (APDP) and individuals in Monaco whose personal data is being processed by companies located outside Monaco.
The Representative acts on behalf of companies located outside Monaco, performing its tasks according to the mandate received from them, including cooperating with the data protection authority (APDP) with regard to any action taken to ensure compliance with the Law no. 1.565 of December 3, 2024 on the Protection of Personal Data. The Data Protection Representative also has to maintain records of the processing activities of their clients.
Where does the Data Protection Representative have to be located according to the Monaco Personal Data Protection Law?
Your representative must be located in the Principality of Monaco or, failing that, within a Member State of the European Union. EDPO is based in Brussels, Belgium, which is a Member State of the European Union.
Does designating a Data Protection Representative release the companies located outside Monaco from liability and responsibility?
No, the Monaco Personal Data Protection Law clearly states that the designation of a Data Protection Representative does not affect the responsibility and liability of the companies located outside Monaco that fall within the scope of the Law. The designation is without prejudice to legal actions which could be initiated against the companies.
How much does it cost to appoint a Representative pursuant to the Monaco Personal Data Protection Law?
Our Data Protection Representative fees are based on the size of your company (in terms of number of employees), the type of data (regular data and/or sensitive data) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in Monaco and whether your company processes personal data on a large scale. All packages can be tailored to your company’s specific needs.
Click here to know more about our Representative fees.
If you also need to appoint us as an EU, UK, or Swiss Representative, please let us know as we have discounted prices.
Do the Monaco Representative services cover the EU, the UK or Switzerland too?
No. The Pincipality of Monaco is not in the EU/EEA and has its own Data Protection Law. The EU, the UK, and Switzerland also have their own jurisdictions and their own Data Protections Law, namely the GDPR, the UK GDPR, and the Swiss FADP.
Head over to our EU Representative, UK Representative page, or our Swiss Representative page to learn more.
What if my company is based in the EU/EEA?
If your company is based in the EU/EEA, and you have no establishment in the Principality of Monaco, you must appoint a representative according to Article 25 of Law no. 1.565 of December 3, 2024 on the Protection of Personal Data.
What is personal (regular) data?
Personal data under the GDPR has a very broad interpretation and includes any information that relates to an identified or identifiable natural person: name, pictures, addresses, phone numbers, e-mail addresses, IP addresses (even dynamic), identification numbers, location data, age, origins, pseudo, etc.
What is sensitive data ?
Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.
What is considered to be processing “on a large scale"?
The GDPR and UK GDPR do not define what constitutes “large scale” processing but guidelines recommend that the following factors be considered when determining whether the processing is carried out on a large scale:
- The number of individuals concerned – either as a specific number or as a proportion of the relevant population
- The volume of data and/or the range of different data items being processed
- The duration, or permanence, of the data processing activity
- The geographical extent of the processing activity
Examples of large-scale processing include:
- processing of patient data in the regular course of business by a hospital
- processing of travel data of individuals using a city’s public transport system (e.g. tracking via travel cards)
- processing of real time geo-location data of customers of an international fast food chain for statistical purposes by a processor specialised in providing these services
- processing of customer data in the regular course of business by an insurance company or a bank
- processing of personal data for behavioural advertising by a search engine
- processing of data (content, traffic, location) by telephone or internet service providers
Examples that do not constitute large-scale processing include:
- processing of patient data by an individual doctor
- processing of personal data relating to criminal convictions and offences by an individual lawyer
The Swiss Authority defines large scale: “The term "large-scale" refers to cases where data is not simply processed in an isolated way. For example, a medical practice or hospital might process patient data. On the other hand, the isolated processing of the data of an employee who is absent due to illness by a company does not constitute large-scale processing. Large-scale processing occurs in particular when the processing of sensitive data constitutes the essential part of the activities of the person or body in question.”)