Data protection & privacy laws in New Caledonia (2026)

Ordonnance n°2018-1125 of 12 December 2018 expressly extended the reformed Loi Informatique et Libertés (aligning French law with GDPR) to New Caledonia. Full compliance obligations applied from 1 June 2019, covering both public and private sector data controllers established in the territory.

The CNIL holds full supervisory, investigative, and sanctions powers over data processing activities in New Caledonia. Data subjects may lodge complaints with CNIL; controllers must respond to CNIL inquiries and enforcement actions in the same manner as mainland France.

Controllers and processors in New Caledonia must comply with the full GDPR accountability framework: maintain a record of processing activities, conduct DPIAs for high-risk processing, appoint a DPO where required, and notify CNIL of personal data breaches within 72 hours.

Individuals in New Caledonia hold the full suite of GDPR-equivalent rights: right of access, rectification, erasure ('right to be forgotten'), restriction, data portability, and objection. The Province Sud government, for example, publishes a formal procedure for exercising these rights against provincial data processing.

New Caledonia's Direction du Numérique (DINUM) publishes official GDPR compliance guidance for local organisations, confirming the framework's applicability and providing practical implementation tools tailored to the territory.

The July 2025 Bougival Accord proposed enhanced autonomy ('State of New Caledonia' within France) but was rejected by the pro-independence bloc in August 2025; a follow-on agreement was reported in January 2026. No enacted change has altered the data protection framework, which continues to operate under French law and CNIL oversight.