Financial Crime World

San Marino Enacts Strong Fines for Non-Compliance with Financial Regulations

San Marino has taken a significant step in protecting the personal data of its citizens by enacting a new law that sets out strict guidelines for companies operating within the country. The law, which came into effect in December 2018, defines data controllers and processors, outlines their responsibilities, and establishes severe punishments for non-compliance.

Key Provisions of the Law

  • Definition of Data Controllers and Processors: Any natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data is considered a data controller or processor.
  • Rights of Data Subjects: San Marino citizens have a range of rights, including access to their personal data, rectification, erasure, restriction on processing, data portability, objection, and the right not to be subject to automated decision-making.
  • Responsibilities of Data Controllers and Processors: Companies must ensure that personal data is collected and processed in a fair, lawful, and transparent manner. They must obtain express consent from data subjects before collecting or processing their personal data, and may only process sensitive personal data under certain exceptions.

Enforcement and Penalties

San Marino’s Data Protection Authority will enforce the law and impose penalties on companies that fail to comply with its provisions. Fines of up to 10 million euros or 4% of total annual turnover in the preceding financial year can be imposed for serious breaches, while temporary or definitive limitation on processing or suspension of data flows may also be ordered.

Similarities with EU Regulations

The new law is designed to provide San Marino citizens with similar levels of protection as those afforded by the General Data Protection Regulation (GDPR) in the European Union. Despite being an enclave surrounded by Italy, San Marino has a significant economic relationship with the EU and must adhere to strict regulations and standards for personal data processing.

Conclusion

San Marino’s decision to enact this law demonstrates its commitment to protecting the rights of its citizens and ensuring that companies operating within the country adhere to high standards of data protection. The law provides a strong framework for safeguarding personal data and sets an example for other countries to follow in prioritizing the protection of citizens’ rights.