Work on national personal data processing law

On 25 May 2018, the GDPR (Regulation (EU) 2016/679) entered into effect in all the EU Member States. In accordance with the GDPR, the Member States shall introduce provisions to specify the application of the GDPR provisions in their respective national legislation.

The Latvian law that fulfils this requirement specifies the GDPR’s application, the rights and duties of the competent authority, and the liability of officials, and introduces the institute of the data protection officer. However, the law is still being processed, and it currently awaits the examination by the Saeima (the Latvian Parliament) in the second readings.

The provisions most likely to be included in the national Personal Data Processing Law without any changes are:

  1. The minimum age of 13 years applied to a child's consent in relation to the information of society services.
  2. The exclusions applicable to data processing for journalistic purposes, or the purpose of academic, artistic, or literary expression, as well as for the official publications.

The supervision of conformity to the GDPR provisions and national law will be delegated to the Data State Inspectorate (DSI), which currently has these duties. When supervising, the DSI shall take the violation occurred (or likely to occur) into consideration and shall act on the principle of ‘consult first’ that aims at ensuring that the applicable request is clear to entrepreneurs. Within the first year of applying the GDPR, the DSI has committed itself not to impose severe penalties, but to explain the non-conformity to the subjects and provide guidance on the necessary steps to prevent violations in future.

Latest news

Regulations and manuals cannot ensure compliance with GDPR if not used properly

Two month have passed since General Data Protection Regulation (GDPR) has entered into force. We assume that those of you running a business have already reviewed your operations and internal procedures and they are now fully compliant with complex requirements of GDPR. You have probably made clear the amount in which the regulations apply to the organization. Perhaps you have mapped out the current situation, carried out audits and written up manuals and stored them into folders.

Get the latest legal news

We gladly share our knowledge with you. Subscribe to our newsletters.

Subscribe here