San Marino DPL

Data Protection Law (Legge sulla protezione dei dati personali)

Flag of SM
San MarinoOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
January 1, 2000
Enacted
January 1, 2000
Enforcing Authority
Autorità Garante per la Protezione dei Dati Personali
Consent Model
Opt-in
Applies To
Organizations processing personal data in San Marino

Overview

San Marino has a data protection framework enforced by the Autorità Garante per la Protezione dei Dati Personali. As a member of Council of Europe Convention 108+, San Marino adheres to recognized international data protection standards despite not being an EU member.

What This Means for Your Website

  • Consent-based processing is required for personal data of San Marino residents
  • Standard data subject rights apply under the Convention 108+ framework
  • San Marino has its own active DPA for enforcement
  • Specific penalty amounts are not widely documented

Key Requirements

The Autorità Garante enforces data protection requirements. San Marino's membership in Convention 108+ ensures baseline data protection standards. The DPA has the authority to investigate and enforce data protection compliance.

How ConsentStack Handles This

ConsentStack applies consent-based processing standards for San Marino visitors, ensuring compliance with the Convention 108+ framework.

Penalties

Not publicly documented in detail.

Key Requirements

  • Consent-based processing
  • Data subject rights
  • Convention 108+ compliance

Notable Provisions

  • Council of Europe Convention 108+ member
  • Active DPA
  • Not EU member

Other Europe Regulations

GDPREuropean Union + EEA
The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.
PECRUnited Kingdom
PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.
ePrivacy DirectiveEuropean Union + EEA
Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.
Loi Informatique et LibertésFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
UK GDPRUnited Kingdom
The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Does San Marino have data protection laws?

Yes. San Marino has a data protection framework with an active DPA and is a member of Council of Europe Convention 108+.

Is San Marino subject to GDPR?

No. San Marino is not an EU member. It follows Council of Europe Convention 108+ standards for data protection.

Who enforces data protection in San Marino?

The Autorità Garante per la Protezione dei Dati Personali serves as the DPA.

Stay compliant with San Marino DPL

ConsentStack helps you implement Opt-in consent for San Marino automatically.

Get started free