Support Centre

Latvia

Summary

Law: Personal Data Processing Law of 21 June 2018 (the Law) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: Data State Inspectorate (DVI)

Summary: On June 21, 2018, the Personal Data Processing Law of 21 June 2018 (the Law) entered into force to implement the GDPR. In addition, Latvia implemented the Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680) into national law on August 5, 2019.

Furthermore, the Data State Inspectorate (DVI), as the primary data protection regulator in Latvia, is responsible for enforcing the Law and for providing guidance on the GDPR. To date, the DVI has issued guidance on data processing in the context of Small and Medium Enterprises (SMEs) and the protection of health information. Another key regulator in Latvia is the Board of the Financial and Capital Market Commission (FCMC) which has taken enforcement action with regards to anti-money laundering and countering the financing of terrorism.

Insights

Article 37 of the General Data Protection Regulation (GDPR) obliges data controllers and processors to designate a data protection officer (DPO). As part of this obligation, data controllers and processors are also required to publish the contact details of the DPO and to communicate the DPO's contact details to relevant supervisory authorities. In part one of this Insight series, OneTrust DataGuidance focuses on the requirement to communicate DPO contact details to the relevant supervisory authorities, providing an overview of the rules and guidelines for DPO contact registration across Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.

The Data State Inspectorate ('DVI') published, on 16 March 2022, guidelines for using cookies on websites1 ('the Cookie Guidelines') and a model cookie policy2. The Cookie Guidelines are very comprehensive and discuss among other things, consent, consent exemptions, transparency obligations and cookie consent mechanism while also outlining different types of cookies. OneTrust DataGuidance summarises the key points from the Cookie Guidelines.