Law: Personal Data Protection Law 79/08, 70/09, 044/12, and 022/17 (only available to download in Montenegrin here) (PDPL)

Regulator: Agency for Personal Data Protection and Free Access to Information (AZLP)

Summary: Montenegro is not a member of the EU, and therefore not subject to the GDPR. However, Montenegro has been granted 'candidate status' for EU membership.

Montenegro adopted the Personal Data Protection Law 79/08, 70/09, 044/12, and 022/17 (only available to download in Montenegrin here) (PDPL) on December 23, 2008. The PDPL was subsequently revised a few times, with its last amendment in 2017. The PDPL is based on the Data Protection Directive (Directive 95/46/EC) and is currently being revised in order to align it with the GDPR. The PDPL contains provisions on special categories of data, data subject rights, data transfers, and measures to safeguard personal data. In addition, the PDPL establishes the supervisory authority, the Agency for Personal Data Protection and Free Access to Information (AZLP) and outlines the calculation of penalties for violating the PDPL.

The AZLP was granted observer status in the European Data Protection Board (EDPB) in 2018, allowing the AZLP to attend the EDPB's plenary meetings and monitor its work, with the aim of aligning the PDPL with the GDPR.