CCIN / GDPR: Who is the Data Controller?
The Data Controller (CCIN)
In the context of data processing in Monaco, it is crucial to understand the various stakeholders, whether internal or external, who may handle data such as the data controller.
The « data controller, » as defined by Article 17 of Law No. 1.165 of December 23, 1993, as amended, is the natural or legal person who determines the purpose of the processing and provides the means for its implementation.
The data controller must ensure the security and confidentiality of the data. They are «required to provide appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, accidental loss, alteration, disclosure, or unauthorized access.»
In practice, the obligations of the data controller are as follows:
- Ensure full compliance of the company with Monaco and European laws in force
- Complete all formalities with the CCIN
- Ensure the technical security of personal and sensitive data
- Inform users, customers, employees, and contacts about the use and processing of their personal data, including automation, notably on the company’s website
- Respond to requests and inquiries from individuals or entities regarding their personal data
- Establish and update data registers and make them available to competent authorities.
The name and contact information of the data controller must be provided to the CCIN and also made available to the public, for example, on the company’s website. The data controller must be reachable at all times through simple and direct means of communication, such as phone or email.
Additionally, if the data controller is based abroad, they are also required to designate a representative in the Monegasque territory, in accordance with applicable regulations.
The Signatory of the Declaration (CCIN)
The signatory of the declaration must be a natural person. Typically, this is the owner or director of the company.
The signatory of the declaration can be a legal representative of the company, but in all cases, they must have the powers and authorizations required to engage the company’s responsibility.
The Data Protection Officer or DPO (GDPR)
Under the General Data Protection Regulation (GDPR) of the European Union (EU), the data controller is referred to as the «Data Protection Officer» or «DPO.»
The Data Protection Officer (DPO) ensures GDPR compliance within the company and all data processing activities.
While strongly recommended, the appointment of a DPO is optional, but it becomes mandatory for public bodies and for systematic processing of personal or sensitive data on a large scale.
The Data Protection Officer (DPO) can be appointed internally or as an external service provider. To ensure the effectiveness of their duties, the DPO must possess specific professional skills and in-depth expertise. Additionally, they must have the material and organizational resources necessary to fulfill their functions adequately, such as mapping out all data processing activities.
For small and medium-sized enterprises (SMEs), it is advisable to seek external assistance or training to ensure the DPO’s ability to fulfill their responsibilities.
Baccana Digital Consulting offers compliance services for Monaco’s data protection and security laws. If needed, we can advise on DPO outsourcing solutions.
Sécurity + Compliance CCIN / GDPR: FREE CONSULTATION
FREE Consultation: Security and Compliance in Monaco
Protect your data and that of your clients and users! Baccana Digital Consulting helps you secure your website and business while ensuring compliance!
Contact us today for a free 30-minute consultation with our CCIN/RGPD compliance and security experts in Monaco.