On December 14, 2024, the Data State Inspectorate (DVI) issued guidance on the importance of implementing procedures for monitoring internal processes and an action plan in cases of non-compliance. The DVI explained that these procedures help evaluate internal data processing activities and identify issues before they jeopardize safety, ensuring a swift response to detected non-conformities.

Specifically, the DVI emphasized that developing appropriate internal procedures and providing regular training will ensure employees understand their responsibilities in specific situations. The DVI highlighted that a procedure for monitoring internal processes involves systematic reviews of data processing activities to guarantee compliance with the General Data Protection Regulation (GDPR) and that such procedures should outline their purpose and scope, define responsible positions, and include processes for conducting internal audits to identify non-compliance early.

Furthermore, the DVI noted that a sequential description of steps for addressing identified non-conformities is essential, including reporting to the responsible individual, analyzing causes, and taking corrective action. The DVI also recommended establishing an action plan for non-conformities that includes documentation of issues, immediate reporting, corrective measures, and setting deadlines for resolution.

Finally, the DVI stressed the importance of understanding the reasons for non-compliance and designating responsible personnel to foster a careful and responsible approach towards users' personal data.

You can read the press release, only available in Latvian, here.