Skip to main content

Article 30 — Entry into Force and Transitional Provisions

  1. This Code shall enter into force on the date of its publication in the Official Gazette of the Principality of Kaharagia. From that date, this Code shall be binding in its entirety and directly applicable to all persons and entities within the personal jurisdiction of the Principality, subject to the transitional provisions set out in paragraphs 2 and 3.
  2. Controllers and processors who, at the date of entry into force of this Code, are engaged in processing operations that are subject to this Code shall bring their processing operations into full compliance with the provisions of this Code within one hundred and eighty days from the date of entry into force. During the transitional period, such controllers and processors shall take all reasonable steps to progress towards compliance and shall, in any event, ensure that no processing operation carried out during the transitional period causes material harm to the rights and freedoms of data subjects.
  3. Processing operations commenced before the date of entry into force of this Code that comply with the law as it stood at that time shall be deemed lawful until the expiry of the transitional period referred to in paragraph 2, provided that the controller or processor concerned is making demonstrable progress towards compliance with this Code. Upon the expiry of the transitional period, all processing operations must comply with this Code in full, and the presumption of lawfulness under this paragraph shall cease to apply.
  4. The Sovereign may, by decree, adopt further regulations, rules, or technical standards for the implementation and application of this Code. Such implementing measures may address, inter alia:
    1. the detailed procedures for the exercise of data subject rights under Title II;
    2. the technical and organisational standards for data security under Article 16;
    3. the form and content of notifications of personal data breaches;
    4. the criteria for assessing the adequacy of the data protection framework of foreign jurisdictions;
    5. the procedures for the lodging, handling, and resolution of complaints under Article 27;
    6. any other matter that the Sovereign considers necessary or expedient for the effective implementation of this Code.
  5. References in other laws, decrees, regulations, or official instruments of the Principality to the protection of personal data or to the rights of data subjects shall, unless the context otherwise requires, be read as references to the corresponding provisions of this Code. Where any such law, decree, regulation, or instrument is inconsistent with this Code, this Code shall prevail to the extent of the inconsistency, except where a provision of the Fundamental Laws provides otherwise.
  6. The supervisory authority shall, within ninety days of the entry into force of this Code, publish guidance for controllers and processors on the steps required to achieve compliance during the transitional period referred to in paragraph 2, and shall make itself available to respond to inquiries from controllers and processors concerning their obligations under this Code.