Alja Poler De Zwart and Marijn Storm have co-authored an article with Thomson Reuters Practical Law, discussing Liechtenstein’s Data Protection Act and Data Protection Regulation, which implement the EU General Data Protection Regulation (GDPR). Within the article, they discuss key requirements of the Act, including requirements to appoint a data protection officer, exceptions permitting processing special categories of personal data, data subject rights derogations including under GDPR Article 23, and derogations for specific processing situations under GDPR Articles 85 to 91.
“The GDPR replaced the EU Data Protection Directive and introduced a single legal framework across the EU. However, the GDPR includes several provisions allowing EU member states to enact national legislation specifying, restricting, or expanding some requirements. Liechtenstein enacted the Data Protection Act and the Data Protection Regulation, which: aligns Liechtensteinian data protection law with the GDPR, repeals and replaces the prior data protection law and regulations, and changes some of the GDPR’s requirements.”