Monaco Personal Data Protection Law: What It Means For Companies Outside Monaco 

Even if you have no office in Monaco, the Monaco Data Protection Law can still apply if your processing is linked to offering goods/services to people in Monaco or monitoring their behaviour.

Monaco adopted a new data protection framework (“Loi n°1.565 du 3 décembre 2024 relative à la protection des données personnelles”), and it includes an explicit extra-territorial reach that will look familiar if you already know the GDPR.

This matters because the law is designed to apply both to organisations established in Monaco and to organisations established outside Monaco when certain triggers are met.

In practice, just like the GDPR, it means that if you’re operating in Monaco, the law applies, regardless of whether you are established there or not.

The Representative Obligation At A Glance

  1. Put a “representative on the ground” plan in place when you are not established in Monaco.
    Under Article 25 of the Monaco Personal Data Protection Law, if you are not established in Monaco and your processing is linked to the offering of goods or services to individuals in Monaco or the monitoring of their behaviour there, you must designate in writing a representative established in Monaco or, failing that, in an EU Member State. That representative is mandated to act as the contact point for both data subjects and the data protection authority (Autorité de protection des données personnelles, “A.P.D.P.”).

    Example: If your company is established in the EU and has no establishment in Monaco, but you sell subscriptions to Monaco residents (offering services) or track Monaco users for analytics/ads (monitoring behaviour), you need to appoint a representative for the purposes of Monaco law, either in Monaco or, failing that, in the EU.

  2. Organisations may still need an EU representative under GDPR Article 27 if they target individuals in the EU. The Monaco representative requirement is separate and does not replace GDPR obligations.

    How This Differs From Other Regimes? 

    Monaco’s framework is closely aligned with the GDPR structure, but you should still treat it as its own regime with its own authority, enforcement route, and compliance posture.

    How EDPO Helps

    With EDPO, you get:

    • A Monaco representative service designed for cross-border operations
      You get a reliable point of contact that can handle regulator communications and data subject contacts with clear routing and accountability.
    • A one-stop shop
      For organisations that are subject to several of these frameworks, EDPO can serve as a practical one-stop shop, helping coordinate the different representation requirements and providing a consistent point of contact. EDPO offers regulatory representation services under the GDPR, UK GDPR, Swiss FADP, DSA, TCOR, Data Act, and NIS 2 Directive. 
    • ISO 27001:2022 security and operational discipline
      Your representative function is only as strong as the security behind it. We align representative operations with ISO 27001:2022-style controls: access management, incident handling, vendor oversight, and auditable procedures.
    • All-inclusive fees
      You avoid fragmented “per ticket” surprises by keeping representative operations, core compliance administration, and ongoing support under a clear and predictable structure.
    • A multilingual team
      Cross-border compliance often fails at the communication layer. We help you handle notices, DSAR communications, and operational coordination with teams across jurisdictions.
    • A breach platform and response workflow
      Monaco expects rapid data breach handling and documentation. We help you meet the 72-hour deadline by assisting you with the data breach notification.
    • A compliance certificate
      We provide you with a compliance certificate based on blockchain technology, to help you showcase your compliance with the representative obligation.

    In short

    • If you are outside Monaco, you can still be in scope when you offer goods/services to people in Monaco or monitor their behaviour there. 
    • If you are established outside Monaco but your processing is linked to offering goods or services to people in Monaco (or monitoring their behaviour there), you must appoint a representative in Monaco or in an EU Member State.
    • EDPO can assist your company, acting as your one-stop shop representative for numerous European regulatory frameworks.


    About the author

    Baudouin de Meulemeester Snyers

    Baudouin holds an LL.B. degree in European Law from Maastricht University in the Netherlands and an LL.M. in International Business Law from IE University in Madrid. Baudouin first joined EDPO during his bachelor’s degree for a three-month internship. After gaining further experience in economic and regulatory advisory for EU institutions at a Big 4 firm, he rejoined EDPO as legal manager. Alongside his professional experience, Baudouin held leadership roles in conference and public speaking initiatives, further developing his entrepreneurial mindset, public speaking abilities, and project coordination skills. Baudouin is fluent in French, English, and Dutch, with a working knowledge of Spanish.
