Privacy Laws

Latvia's data protection in comparison to the GDPR

The flag of Latvia with a harbour in the background
© Uldis Laganovskis / stock.adobe.com | #604706341

General overview

In Latvia, the primary legislation governing data protection is the Personal Data Processing Law of 21 June 2018. This law was enacted to align Latvia's data protection framework with the EU's General Data Protection Regulation (GDPR). The law came into effect on 5 July 2018 and sets the legal foundation for GDPR implementation in the country.

GDPR opening clauses

The Latvian government has also introduced additional regulations to supplement the GDPR. One such regulation is the Government Regulations No. 620, known as the Data Protection Specialist Qualification Rules, adopted on 6 October 2020. These rules specify the qualifications required for data protection specialists. Moreover, the government is expected to introduce further regulations concerning licensing requirements for institutions that monitor compliance with codes of conduct.

Key differences and national specifics

  1. Guidelines by Data State Inspectorate (DVI): The DVI has issued several guidelines to assist with GDPR compliance. These guidelines cover a range of topics, from data subject rights to data protection impact assessments (DPIAs).
  2. Sector-specific guidelines: The DVI has collaborated with professional organizations to develop guidelines for data processing in specific sectors, such as the electronic communications sector.
  3. Covid-19 data processing: The DVI has also issued recommendations concerning the processing of data related to Covid-19, affecting various stakeholders like employees, customers, and children.
  4. Data Protection Officers (DPOs): The DVI has provided extensive guidelines and FAQs on the appointment of DPOs, outlining their roles, responsibilities, and qualifications.
  5. European Data Protection Board (EDPB) Opinion: The EDPB has published an opinion specifically for Latvia, focusing on the processing operations that require a data protection impact assessment.

Conclusion

Latvia has a comprehensive data protection framework that aligns closely with the GDPR. The country has also taken additional steps to provide guidelines and regulations that address national specifics and sectoral needs. This makes Latvia's approach to data protection both robust and adaptable to changing needs.