Priorities of Latvian Data State Inspectorate

published on 13 December 2019 | Reading time approx. 1 minute

The Data State Inspectorate (hereinafter – DSI), the Latvian national supervisory authority responsible for the protection of personal data, has announced its priorities for the year 2019 and henceforth.

Since May 25, 2018, the provisions of the General Data Protection Regulation (GDPR) are applicable. As the main goals of GDPR were to achieve a stricter and more coordinated legal framework for the protection of personal data as well as free movement (transfer) of such data, GDPR imposes several obligations to everybody that collects or carries out any other actions with personal data in order to guarantee uninterrupted compliance with the provisions therein whenever personal data is being processing.
 

Considering that among the main goals of the DSI is the protection of the fundamental rights to privacy and data protection as well as ensuring that personal data is processed in compliance with GDPR, in order to improve the effectiveness of personal data protection and to ensure uniform approach when exercising its supervisory functions, the DSI has publicly announced that its main priorities as a supervisory authority are:

• video surveillance;
• monitoring the performance of data controllers with regard to their duties and obligations towards data subjects;
• ensuring the observation of warnings and implementation of recommendations and orders of the DSI.

 
Since video surveillance is recognized as one of the most substantial data processing activities that has a considerable impact on data subjects, data processing by means of video surveillance is subject to several very strict requirements. Such requirements include, but are not limited to:

• the obligation to assess whether video surveil-lance is justified (legitimate) and necessary;
• evaluation of the purposes of video surve-illance;
• assessment on the placement of video cameras;
• proper placement of warning signs, provision of information to data subjects;
• obligation to define the tools and technical equipment used for proper processing of personal data;
• the obligation to comply with the requirements for safe storage of personal data and the access thereto.

 
It should also be noted that, according to the current data protection legal framework, not only the data controller, but also the data processor carrying out the processing of personal data in accordance with the instructions of the data controller, shall be responsible for compli-ance with the requirements listed above.
 

Taking all of the aforementioned into account, proper attention must be brought to the implementation of all necessary internal proce-dures and policies in order to ensure compliance with the legal obligations applicable to the processing and protection of personal data protection, as the priorities of the DSI include, inter alia, preventive actions, i.e., issuing warnings and imposing fines for breaches of laws regulating data protection.
 

Another important aspect that both controllers and processors should take into account is that having proper internal procedures for personal data processing in place not only protects the accountability of a company and its management, but also gives control over data processing and serves as an effective instrument for cooperation with supervisory authorities, as well as ensures being able to immediately respond to incidents, all of which taken together improves the reputation of a company.