05.12.2017

Steps to comply with EU data protection regulation (GDPR) in Estonia

The GDPR stipulates that data controllers must maintain records of personal data processing activities. However, the GDPR limits this obligation.

The obligation does not apply to an enterprise or an organization employing fewer than 250 persons unless the processing of data is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data.

As the aforementioned exceptions are quite vague, it should be examined how different data protection authorities (DPAs) understand the obligation. The Estonian DPA, for example, is very strict and finds that a company should even keep a record of the processing of its own employees' data.

For more information, please contact partner Katrin Sarap or associate Siiri Kuusik.
