Data & Privacy · Liechtenstein
Data & Privacy - Liechtenstein
Liechtenstein has a comprehensive, GDPR-aligned data-protection regime. As an EEA EFTA state it applies the GDPR directly (incorporated by EEA Joint Committee Decision No 154/2018, effective 20 July 2018), and its national Datenschutzgesetz (DSG) of 4 October 2018 entered into force on 1 January 2019 to complement and implement it. The independent Datenschutzstelle is the national supervisory authority.
Although not an EU member, Liechtenstein is an EEA EFTA state; the GDPR was incorporated into the EEA Agreement by Joint Committee Decision No 154/2018 (6 July 2018), making Regulation (EU) 2016/679 directly applicable.
The Datenschutzgesetz of 4 October 2018 (LR 235.1) was a total revision aligning national law with the GDPR; it entered into force on 1 January 2019 and supplements the directly applicable Regulation.
The Datenschutzstelle (DSS), based in Vaduz, is the independent national data-protection supervisory authority responsible for enforcing the GDPR and DSG.
The GDPR framework grants data subjects rights of access, rectification, erasure, portability and objection, and imposes controller/processor duties such as lawful basis, transparency, breach notification, records of processing and (where required) data protection impact assessments.
Liechtenstein's DSS participates in the European Data Protection Board, but for EEA EFTA states judicial oversight of GDPR matters runs through the EFTA Court rather than the Court of Justice of the EU.
Administrative fines follow the GDPR's two-tier maximums (up to EUR 20 million / EUR 10 million or 2-4% of global annual turnover); the DSS has been a comparatively low-activity enforcer.
Machine-assisted translation · verified 5/23/2026 · orientation, not legal advice. English version →