CCIN Monaco : fines, sanctions and penalties
What are the CCIN’s sanctions and penalties?
Law No. 1.165 of December 23, 1993, as amended on the protection of personal information, provides for two distinct types of sanctions and penalties:
- Administrative sanctions (articles 19 and 23)
- Criminal sanctions (articles 21, 22, and 23)
Whether the offenses are voluntary or involuntary, for example, by lack of information or incomplete declaration, the effective implementation of processing of personal data without prior declaration approved by the CCIN may give rise to serious consequences for the company, whether in terms of criminal consequences or damage to its reputation.
CCCIN / Monaco : Monaco Compliance Guide
Compliance Monaco : The Complete Guide to CCIN / RGPD
Everything you need to know about personal data processing in Monaco: Control Authority for Personal Information (CCIN), General Data Protection Regulation (GDPR), obligations, penalties, and steps for ensuring perfect compliance for your business or organization!
Administrative sanctions (articles 19 and 23)
If irregularities are noted by the President of the Commission for the Control of Personal Information, the latter draws up a report for the controller, who has one month to respond.
The President of the CCIN may send a warning to the data controller concerning the irregularities observed, or even a formal notice to put an end to them or to eliminate their effects.
The President of the CCIN immediately reports irregularities constituting criminal offenses to the Prosecutor General. He may also decide to make public any decision pursuant to article 19 of the law.
Finally, according to article 23: “Any conviction pronounced in application of the two preceding articles automatically entails the cessation of the effects of the declaration or authorization and the removal from the directory of automated processing operations.”
The court may also order the destruction without compensation of the incriminated media and prohibit re-registration in the directory for a period of six months to three years.
Criminal sanctions provided for by article 21
In accordance with the Penal Code, Article 21 of the law provides for sanctions ranging from one to six months’ imprisonment, particularly in the following cases:
- Automated processing of personal data without prior formalities.
- Illicit collection or without prior consent of personal data.
- Refusal to provide an applicant with their personal information, to correct this data, or to delete it.
- Disclosure of information harmful to a person’s reputation or privacy.
- Conservation of personal data after expiry of deadlines validated by the CCIN.
- Transfer of personal information to countries without adequate protection;
Criminal sanctions provided for by article 22
Article 21 of the law provides for a fine of 18,000 to 90,000 euros, as well as sanctions ranging from three months to one year of imprisonment, in particular in the following cases:
- Collection or processing of personal data strictly reserved for specific authorities, organizations, or individuals.
- Collection of personal data in a fraudulent, unfair, unlawful manner, or deliberate transfer of inaccurate information to data subjects.
- Obstructions or failures in the context of investigations related to the processing of personal data.
- Use of personal data despite the clear opposition of the data subjects.
- Misuse of the purposes of personal data.
Sécurity + Compliance CCIN / GDPR: FREE CONSULTATION
FREE Consultation: Security and Compliance in Monaco
Protect your data and that of your clients and users! Baccana Digital Consulting helps you secure your website and business while ensuring compliance!
Contact us today for a free 30-minute consultation with our CCIN/RGPD compliance and security experts in Monaco.