NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

Data Protection Act (Datenschutzgesetz -DSG)

type
Regulation
Jurisdiction
Full Name
Data Protection Act (Datenschutzgesetz -DSG) (Datenschutzgesetz (DSG) vom 4. Oktober 2018)
Official Name
Datenschutzgesetz (DSG) vom 4. Oktober 2018

Description

Description
Source

Liechtenstein Data Protection Act (DSG) Analysis

Overview

The Liechtenstein Data Protection Act (DSG) of 2018 implements the EU General Data Protection Regulation (GDPR) and the EU Law Enforcement Directive 2016/680 into national law. The law establishes comprehensive rules for the processing of personal data by both public and private entities, with a particular focus on protecting individual privacy rights while enabling legitimate data processing activities.

The regulation aims to:

  • Protect personal rights and fundamental freedoms of individuals regarding their personal data
  • Establish clear rules for data processing
  • Define responsibilities for data controllers and processors
  • Create an independent supervisory authority

Key Components

Scope and Jurisdiction

  • Applies to:
    • Public authorities in Liechtenstein
    • Private entities processing personal data
    • Automated and non-automated data processing
    • Data processing within filing systems

Data Protection Authority

The Datenschutzstelle (Data Protection Authority):

  • Acts as independent supervisory authority
  • Has investigation and enforcement powers
  • Provides guidance and handles complaints
  • Cooperates with other EU/EEA supervisory authorities

Technical Requirements

Key technical obligations include:

  • Implementation of appropriate technical and organizational measures
  • Following privacy by design and default principles
  • Conducting data protection impact assessments
  • Maintaining records of processing activities

Individual Rights

Protected rights include:

  • Right to information
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability

Special Categories

The law provides enhanced protection for:

  • Sensitive personal data
  • Biometric data
  • Genetic data
  • Health data
  • Criminal records data

Enforcement

The regulation includes:

  • Administrative fines up to:
    • 11 million CHF or 2% of global turnover
    • 22 million CHF or 4% of global turnover
  • Criminal penalties for specific violations
  • Right to compensation for damages

Implementation Timeline

The law entered into force on January 1, 2019, with certain transitional provisions for:

  • Existing data processing activities
  • Appointed data protection officers
  • Video surveillance authorizations
  • Existing certifications and accreditations

Projects Following this Regulation

Project
Website
Source

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page