TRILANTICServicesSectorsPartnersResourcesAbout UsContact Us
Case StudiesTRILANTIC NewsletterFree Trial with your DataCost Savings CalculatorAsk The Experts
Document Library
Industrial Links
Glossary
News ReleasesFeatured Articles
Media KitForthcoming EventsEuropean Data Protection Rules

LATVIA

 

The State Data Inspectorate website: http://www.dvi.gov.lv/eng/

 

The Personal Data Protection Law (as amended in 2007): http://www.dvi.gov.lv/eng/legislation/pdp/

 

What needs to be done prior to collection?

 

NOTIFY THE DATA INSPECTORATE

 

Article 21

 

All State and local government intuitions, the natural persons and legal persons that carry out or wish to commence the personal data processing; notify it in the order determined by this Law:

 

Article 22

 

(1)     The institutions and persons referred to in the Article 21 of this Law which wish to commence personal data processing shall submit a notification application to the Data State Inspectorate that includes the following information:

1.       The name, surname and personal code (for a legal person – the title and registration number), address and telephone number of the data controller;

2.       The name, surname, and personal code of the personal data processor (if applicable), address the telephone number (for legal persons – the title and registration number);

3.       The legal basis for the personal data processing;

4.       The types of personal data and the purposes of personal data processing;

5.       The categories of data subject;

6.       The categories of personal data recipients;

7.       The intended method of personal data processing;

8.       The foreseen method of personal data obtaining;

9.       The place of personal data processing;

10.    The holder of information resources or technical resources, as well as the responsible person for the information system security;

11.    Technical and organisational measures ensuring the protection of personal data; and

12.    What personal data will be transferred to other countries, that are not the Member States of the European Union or European Economic Area

 

CONTACT THE DATA SUBJECT

 

Article 8

 

(1)     When collecting personal data from the data subject, the controller has a duty to provide a data subject with the following information unless it is already available to the data subject:

1.       The title or name and surname, and the address of the data controller and the personal data processor;

2.       The intended purpose and basis for the personal data processing;

 

(2)     Based on the request from the data subject, the data controller has a duty to provide the following information:

1.       The possible recipients of the personal data;

2.       The right of the data subject to gain the access to his or her personal data and to make corrections to such data;

3.       Whether providing an answer is mandatory or voluntary, as well as the possible consequences of failing to provide an answer

 

(3)     Paragraph one of this Article is not applicable if carrying out personal data processing without disclosing its purpose is authorised by law

 

 

Article 9

 

(1)     If personal data have not been obtained from the data subject, the data controller has a duty, when collecting or disclosing such personal data to a third person for the first time, to provide the data subject with the following information:

1.       The title or name and surname, and the address of the data controller and the personal data operator;

2.       The intended purpose and basis for the personal data processing;

 

(2)     Based on the request from the data subject, the data controller has a duty to provide the following information:

1.       The possible recipients of the personal data;

2.       The personal data categories and the source of obtaining the data;

3.       The rights of the data subject to gain the access to his or her personal data and to make corrections to such data

 

(3)     Paragraph one and two of this Article is not applicable if:

1.       The law provides for the processing of personal data without informing the data subject thereof; or

2.       When processing personal data for scientific, historical or statistical research, or the establishment of Latvian National Archive foundation, the informing of the data subject requires disproportionate effort or is impossible

 

What needs to be done prior to shipping?

 

Article 28

 

(1)     Personal data may be transferred to another country that is not the member state of the European Union or the European Economic Area, if that country ensures such level of data protection that corresponds to the relevant level of the data protection that is in force in Latvia

 

(2)     Exemptions from compliance with the requirements referred to in Paragraph 1 of this Article are permissible if the data controller undertakes to perform the supervision regarding the performance of the relevant protection measures and at least one of the following conditions is complied with:

1.       The data subject has given consent;

2.       The transfer of the data is necessary in order to fulfil an agreement between the data subject and the controller, the personal data are required to be transferred in accordance with contractual obligations binding upon the data subject or taking into account a request from the data subject, the transfer of data is necessary in order to enter a contract;

3.       The transfer of the data is necessary and requested pursuant to the prescribed procedures, in accordance with significant state or public interests, or it is required for legal proceedings;

4.       The transfer of the data is necessary to protect the life and health of the data subject;

5.       The transfer of the data concerns such personal data that are public or have been stored in a publicly accessible register

 

(3)     The evaluation of the level of personal data protection in accordance with paragraph one of this Article shall be performed by Data State Inspectorate and it shall issue permission in writing for the transfer of the personal data

 

(4)     In order for the Data Controller to ensure the supervision on the performance of the relevant protection measures in accordance with paragraph two of this Article, the data controller and the personal data receiver shall conclude the agreement on the personal data transfer. The requirements for the mandatory provisions for this contract shall be determined by the Cabinet of Ministers

 

(5)     Personal Data can be transferred to the other member state of European Union or the European Economic Area if that country ensures such level of data protection as corresponds to the relevant  level of data protection in force in Latvia

 

What are the sanctions for non-compliance?

 

See Article 29 for more detail

 

The rights of the Data State Inspectorate are as follows:

 

To bring an action to the course for violation of this law;

 

-          To annul the personal data processing certificate if by investigating the personal data processing violations are concluded;

-          To impose administrative penalties according to the procedures specified by law regarding violations of personal data processing

 

 

 

Please refer to the State Data Inspectorate website for more details on the Statute.

© TRILANTIC - All rights reserved. | Disclaimer | Client Login