Law: Law No. 171 of 21 December 2018, Protection of Natural Persons with Regard to the Processing of Personal Data (the Law)

Regulator: Guarantor for the Protection of Personal Data (Guarantor)

Summary: San Marino implemented the GDPR on January 5, 2019 through Law No. 171 of 21 December 2018, Protection of Natural Persons with Regard to the Processing of Personal Data (the Law). The Law provides for a data protection framework that echoes the GDPR.

In light of the above, the Law was drafted considering the third-country status of San Marino in an ongoing effort to obtain an adequacy decision from the European Commission and enable data flows with the EU. The Guarantor for the Protection of Personal Data (the Guarantor) is an independent administrative authority made up of a three-member collegial panel and an office, and took office on February 1, 2020. In respect of the international landscape, San Marino has signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (the Convention 108) and is also a member of the Global Privacy Assembly (GPA), following an accreditation resolution that included the Guarantor as a new member.