Support Centre

Lithuania

Summary

Law: Law No XIII-1426 of 30 June 2018 amending Law No I-1374 (only available in Lithuanian here) (the Law) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: State Data Protection Inspectorate (VDAI)

Summary: Lithuania implemented the GDPR through Law No XIII-1426 of 30 June 2018 amending Law No I-1374 (only available in Lithuanian here) (the Law).

The State Data Protection Inspectorate (VDAI) has been active in enforcing data protection legislation and in publishing guidelines which address biometric data, the processing of personal data in the context of debt collection, as well as security measures and risk assessments. Areas of focus for the VDAI have been biometric data, as indicated by its thorough review of the use of biometric data in sports, strengthening international cooperation, and educating the public in the field of personal data protection. In addition, the VDAI recently published an inspection plan for 2020 where it outlines that it will carry out inspections of at least 50 organisations, including organisations in the financial services and e-commerce sectors.

Insights

Article 37 of the General Data Protection Regulation (GDPR) obliges data controllers and processors to designate a data protection officer (DPO). As part of this obligation, data controllers and processors are also required to publish the contact details of the DPO and to communicate the DPO's contact details to relevant supervisory authorities. In part one of this Insight series, OneTrust DataGuidance focuses on the requirement to communicate DPO contact details to the relevant supervisory authorities, providing an overview of the rules and guidelines for DPO contact registration across Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.