The General Data Protection Regulation (GDPR, Datenschutzgrundverordnung) of the European Union also affects Liechtenstein companies, institutions and associations within the framework of their domestic and foreign customer relations.
The GDPR also covers big companies, SMEs as well as sole proprietorships. Whenever a company processes personal data (this also includes, e.g. saving such data in a client index), the GDPR is applicable.
The GDPR contains a number of provisions that can be specified in greater detail or supplemented by the individual states. This means that despite uniform GDPR provisions, there are differences between individual European states. Around 70 so-called opening clauses are affected. These are governed by the national data protection acts of the individual states, and may be interpreted with differing degrees of strictness. As a result of the amendments to the GDPR, the data protection act in Liechtenstein is currently being completely revised and is expected to come into force by the end of 2018.
The principle of the duty of accountability is new. This means that companies must be able actively to demonstrate that the principles are being adhered to. This means:
The Liechtenstein Data Protection Office has posted information about the on its website. This information is designed to help companies to implement and work under the new provisions.