Functions of the Andorran Data Protection Agency

In December last year, we already analysed the new data protection law (Law 29/2021 of 28 October on personal data protection (LQPD), which will enter into force in May 2022 and which aims to equate Andorran regulations, in this area, with the GDPR. Within this action for the updating of these important regulations for the technological and business sector of the Pyrenean country, it should without a doubt be noted that the new regulations align the functions of the Andorran Data Protection Agency, the country’s data protection authority, with the European Member States.

What are the functions of the Andorran Data Protection Agency?

The area of ​​competence of the Andorran Data Protection Agency is established by the Decree dated 9-06-2010 approving the Regulation, and the most notable functions are:

1. To dictate instructions and recommendations.
2. To issue advisory reports and opinions on rules that affect privacy.
3. To propose improvements in relation to data protection regulations.
4. To serve public authorities and the general public.
5. To approve countries with an adequate level of data protection.
6. To initiate and settle disciplinary proceedings.
7. To prepare an annual report.

The activity of the Agency, summarised in the annual reports (available since 2005), can be consulted on its website.

What are the differences with the new regulations (LQPD)?

Undoubtedly, the forthcoming entry into force of the LQPD, scheduled for May 2022, will significantly increase the functions of the Andorran Data Protection Agency, while some of its “classic” functions will disappear.

In this last section, the most significant change will be that the registration of files will no longer be an obligation, so the consultation of the aforementioned files will no longer be available, thus eliminating this function or competence of the Andorran Data Protection Agency, as it is repealed by the LQPD.

The scope of the new functions is clearly superior, mentioning for information the following competencies that are added or clarified in relation to those mentioned above:

• Registration of tax representatives, for individuals who do not reside in Andorra (art. 2.2).
• Registration of membership codes (art. 27.3).
• Adoption of standard contractual clauses (art. 31.8).
• List of operations subject to and not subject to impact assessments (art. 32.4 and 5).
• Resolution of prior consultations (art. 33.1).
• Reception of notifications of security incidents (art. 36.1).
• Reception of notifications and publishing of the appointment of Data Protection Officers (art. 38.4).
• All the functions indicated in art. 50 of the LQPD.

In conclusion, through the new regulations that come into force from May 2022, the Andorran Data Protection Agency is clearly and definitively approved with the functions and powers of the Data Protection Authorities of the EU Member States. 

We will see how the organisation readjusts to such important changes and especially how Andorran companies and startups, or those that use processing resources in Andorra, adapt their internal protocols to the recommendations and instructions of the Andorran Data Protection Agency.

If you want more information about this or any other issue, don’t hesitate to contact us!

Information on data protection

Company name
LEGAL IT GLOBAL 2017, SLP
Purpose
Providing the service.
Sending the newsletter.
Legal basis
Compliance with the service provision.
Consent.
Recipients
Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.
Rights
You may access, rectify or delete your data and exercise the rights indicated in our Privacy Policy.
Further information
See the Privacy Policy.