Armenia - Personal Data Protection & Consent Law | ConsentStack

Back to Regulations Guide

Key Facts

Effective Date

January 1, 2015

Enacted

January 1, 2015

Enforcing Authority

Personal Data Protection Agency

Consent Model

Opt-in

Applies To

Organizations processing personal data in Armenia

Overview

Armenia's data protection law requires prior express consent for processing personal data, enforced by a dedicated Personal Data Protection Agency. The framework is part of Armenia's broader EU integration and association agreement efforts.

What This Means for Your Website

Prior express consent is required for processing personal data of Armenian visitors
Registration with the DPA may be required
Cross-border data transfer restrictions apply
Standard data subject rights are provided (access, rectification, deletion)

Key Requirements

The Personal Data Protection Agency enforces the law with administrative penalties. Prior express consent is the primary legal basis for processing. Cross-border transfer restrictions and DPA registration requirements add compliance obligations.

How ConsentStack Handles This

ConsentStack applies opt-in consent for Armenian visitors, meeting the prior express consent requirement.

Penalties

Administrative fines (specific amounts not widely documented in English).

Key Requirements

Prior express consent for processing
Data subject rights including access, rectification, deletion
Registration with DPA
Cross-border transfer restrictions

Notable Provisions

Part of Armenia EU association agreement framework
Dedicated enforcement agency
Prior express consent required

Other Europe Regulations

GDPREuropean Union + EEA

The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.

PECRUnited Kingdom

PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.

ePrivacy DirectiveEuropean Union + EEA

Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.

Loi Informatique et LibertésFrance

France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.

UK GDPRUnited Kingdom

The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.

Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Does Armenia require data protection consent?

Yes. Armenia requires prior express consent for processing personal data, enforced by a dedicated Personal Data Protection Agency.

Is Armenia aligned with EU data protection?

Partially. Armenia's data protection law is part of its EU association agreement framework, with ongoing alignment efforts.

Who enforces data protection in Armenia?

The Personal Data Protection Agency, a dedicated enforcement authority.

Stay compliant with Armenia PDPL

ConsentStack helps you implement Opt-in consent for Armenia automatically.