Vatican: Adopted General Regulation on the Protection of Personal Data (Decree No. DCLVII)

On 30 April 2024, the Pontifical Commission for Vatican City State promulgated the General Regulation on the Protection of Personal Data (Decree No. DCLVII), which came into effect on the same day. The Regulation is based on the fundamental principles and essential requirements of the General Data Protection Regulation (GDPR). It was promulgated as an "ad experimentum" for a three-year period. According to the Regulation, the processing of personal data requires a legitimate purpose and the consent of the data subject. Moreover, the processing of personal data revealing sensitive characteristics such as racial or ethnic origin, political opinions, or biometric data is prohibited. Additionally, to ensure transparency, specific information is provided to the data subject.