Andorra DPL

Llei qualificada de protecció de dades personals (Law 29/2021)

Flag of AD
AndorraOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
May 1, 2022
Enacted
January 1, 2021
Enforcing Authority
APDA (Agència Andorrana de Protecció de Dades)
Consent Model
Opt-in
Applies To
Organizations processing personal data in Andorra

Overview

Andorra's Law 29/2021 is a comprehensive GDPR-aligned data protection law replacing earlier legislation. The APDA (Andorran Data Protection Agency) serves as the independent enforcement authority. Andorra is not an EU or EEA member but maintains close alignment with EU data protection standards.

What This Means for Your Website

  • Consent is required for processing personal data of Andorran visitors
  • Standard data subject rights apply (access, rectification, erasure)
  • Andorra has not yet received an EU adequacy decision, which may affect cross-border data transfers
  • The APDA actively oversees data protection compliance

Key Requirements

The APDA enforces the law as an independent authority. Specific penalty amounts are not widely documented in English. The law provides GDPR-aligned data subject rights and cross-border transfer restrictions. Andorra's proximity to the EU and alignment with GDPR standards suggests increasing enforcement maturity.

How ConsentStack Handles This

ConsentStack applies GDPR-compliant consent standards for Andorran visitors, ensuring compliance with the APDA's requirements.

Penalties

Administrative fines (specific amounts not widely documented in English).

Key Requirements

  • Consent required for personal data processing
  • Data subject rights including access, rectification, erasure
  • DPA oversight and enforcement
  • Cross-border transfer restrictions

Notable Provisions

  • Not EU or EEA member
  • No EU adequacy decision yet
  • Independent active DPA (APDA)
  • GDPR-aligned framework

Other Europe Regulations

GDPREuropean Union + EEA
The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.
PECRUnited Kingdom
PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.
ePrivacy DirectiveEuropean Union + EEA
Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.
FDPAFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
UK GDPRUnited Kingdom
The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Is Andorra part of the EU or EEA?

No. Andorra is an independent microstate but maintains close alignment with EU data protection standards through Law 29/2021.

Does Andorra have an EU adequacy decision?

Not yet. Andorra has applied for but not yet received EU adequacy status for data transfers.

Who enforces data protection in Andorra?

The APDA (Andorran Data Protection Agency) serves as the independent enforcement authority.

Stay compliant with Andorra DPL

ConsentStack helps you implement Opt-in consent for Andorra automatically.

Get started free