Lithuania's data protection in comparison to the GDPR
Lithuania has enacted a new version of the Law on Legal Protection of Personal Data, effective from July 16, 2018, to align with the GDPR. The Lithuanian State Data Protection Inspectorate is the supervisory authority responsible for overseeing GDPR compliance in the county.
GDPR opening clauses
Lithuania has made use of the GDPR's opening clauses to address various derogations, including those related to national security, freedom of expression, and employment. The law also sets the minimum age for consent to information society services at 14 years.
Key differences and national specifics
- Personal codes: Lithuania allows the processing of personal codes (National ID numbers) under specific conditions, but these cannot be used for direct marketing or disclosed publicly.
- Freedom of expression: Certain GDPR provisions are not applicable when personal data is processed for journalistic, academic, artistic, or literary purposes.
- Employment data: Employers are restricted from checking criminal records of potential or existing employees unless mandated by law for specific job roles.
- Child's age: The minimum age for consent to information society services in Lithuania is 14 years.
- Public sector fines: Fines for public sector violations are capped between 1 and 1.5% of the annual budget, not exceeding EUR 30,000-60,000.
Lithuania has adapted its data protection laws to align with the GDPR, with specific national provisions related to personal codes, freedom of expression, employment data, and fines in the public sector. The Lithuanian State Data Protection Inspectorate is the supervisory authority overseeing compliance.