Privacy Laws

Lithuania's data protection in comparison to the GDPR

The flag of Lithuania with a busy city street in the background — © MNStudio / stock.adobe.com | #552575399

General overview

Lithuania has enacted a new version of the Law on Legal Protection of Personal Data, effective from July 16, 2018, to align with the GDPR. The Lithuanian State Data Protection Inspectorate is the supervisory authority responsible for overseeing GDPR compliance in the county.

GDPR opening clauses

Lithuania has made use of the GDPR's opening clauses to address various derogations, including those related to national security, freedom of expression, and employment. The law also sets the minimum age for consent to information society services at 14 years.

Key differences and national specifics

Personal codes: Lithuania allows the processing of personal codes (National ID numbers) under specific conditions, but these cannot be used for direct marketing or disclosed publicly.
Freedom of expression: Certain GDPR provisions are not applicable when personal data is processed for journalistic, academic, artistic, or literary purposes.
Employment data: Employers are restricted from checking criminal records of potential or existing employees unless mandated by law for specific job roles.
Child's age: The minimum age for consent to information society services in Lithuania is 14 years.
Public sector fines: Fines for public sector violations are capped between 1 and 1.5% of the annual budget, not exceeding EUR 30,000-60,000.

Conclusion

Lithuania has adapted its data protection laws to align with the GDPR, with specific national provisions related to personal codes, freedom of expression, employment data, and fines in the public sector. The Lithuanian State Data Protection Inspectorate is the supervisory authority overseeing compliance.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed