The Andorran data protection authority ('APDA') announced, on 21 September 2022, that the Government of Andorra had published two decrees approving regulations related to Law 29/2021, of 28 October, of Personal Data Protection ('the Law'), firstly the Decree 367/2022 of 14 September 2022 Approving the Regulations for the Application of the Law and, secondly, Decree 368/2022, of 14 September 2022, Approving the Regulations of the ADPA, following the entry into force of the Law in May 2022. In particular, the APDA noted that both Regulations intend to adapt the Andorran legal system to international data protection standards, notably standards within the European Union.

Moreover, the APDA highlighted, among other things, that the Regulations for the Application of the Law integrates all the necessary regulatory provisions under the Law, clarifying and adapting their application in practice, in order to provide legal security to those responsible for treatment, including administrations, private entities, companies, and associations. Furthermore, the ADPA emphasised that the Regulation of the ADPA establishes the APDA as a public body with its own independent legal personality, with full capacity to act, and further precises details on its composition, functions, inspection capacity, enforcement powers, and other principal activities contained in the Law.

In addition, the ADPA provided that the approval of both Regulations implies the updating of the following informative guides:

• Guide on the Role of the Data Protection Delegate ('DPD');
• Guide to Know if an Entity Must Appoint a DPD; and
• Guide on the use of Cookies, Privacy Policies, and Legal Notices.

You can read the press release here, the Decree on the Regulations for Application of the Law here, the Decree on Regulations of the ADPA here, and the guides here, here, and here, all only available in Catalan.