Privacy Laws

Latvia's data protection in comparison to the GDPR

The flag of Latvia with a harbour in the background — © Uldis Laganovskis / stock.adobe.com | #604706341

General overview

In Latvia, the primary legislation governing data protection is the Personal Data Processing Law of 21 June 2018. This law was enacted to align Latvia's data protection framework with the EU's General Data Protection Regulation (GDPR). The law came into effect on 5 July 2018 and sets the legal foundation for GDPR implementation in the country.

GDPR opening clauses

The Latvian government has also introduced additional regulations to supplement the GDPR. One such regulation is the Government Regulations No. 620, known as the Data Protection Specialist Qualification Rules, adopted on 6 October 2020. These rules specify the qualifications required for data protection specialists. Moreover, the government is expected to introduce further regulations concerning licensing requirements for institutions that monitor compliance with codes of conduct.

Key differences and national specifics

Guidelines by Data State Inspectorate (DVI): The DVI has issued several guidelines to assist with GDPR compliance. These guidelines cover a range of topics, from data subject rights to data protection impact assessments (DPIAs).
Sector-specific guidelines: The DVI has collaborated with professional organizations to develop guidelines for data processing in specific sectors, such as the electronic communications sector.
Covid-19 data processing: The DVI has also issued recommendations concerning the processing of data related to Covid-19, affecting various stakeholders like employees, customers, and children.
Data Protection Officers (DPOs): The DVI has provided extensive guidelines and FAQs on the appointment of DPOs, outlining their roles, responsibilities, and qualifications.
European Data Protection Board (EDPB) Opinion: The EDPB has published an opinion specifically for Latvia, focusing on the processing operations that require a data protection impact assessment.

Conclusion

Latvia has a comprehensive data protection framework that aligns closely with the GDPR. The country has also taken additional steps to provide guidelines and regulations that address national specifics and sectoral needs. This makes Latvia's approach to data protection both robust and adaptable to changing needs.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed