The General Data Protection Regulation

We are finally past 25 May 2018, the date by which everyone was supposed to get ready for implementing the General Data Protection Regulation (GDPR), but is this really the end of it? Not by any means. We now encourage you to assess your readiness, identify any issues, and take steps to resolve them.

Privacy under the General Data Protection Regulation

One of the biggest challenges of the digital era is finding the right balance between using personal data and protecting privacy. All entities that process personal data within the EU must comply with requirements of the General Data Protection Regulation (GDPR).

Applying the GDPR means that companies should be testing and improving their data processing systems as well as checking that the way they process data meets GDPR requirements.

GDPR requirements

Extended scope

The GDPR applies to companies that carry on business in the EU and process personal data (of customers, employees etc) and to companies that carry on business outside the EU but systematically process data of EU nationals.

More obligations

The GDPR lays down the obligation to ensure personal data protection already when systems and services are at a developmental stage. The GDPR also provides for giving new rights to data subjects, and companies may be required in certain cases to appoint a certified data protection specialist.

Greater transparency

The GDPR requires that personal data processing and protection processes be open, which means that all of your data processing processes and decisions about data processing should be documented. Also, a company facing a data protection breach is required in certain cases to report it to the National Data Office and data subjects.

Penalties and litigation risks

The GDPR gives more powers to the National Data Office, including the power to impose a fine of up to €20 million or 4% of the group’s aggregate global annual revenue. We should not forget that reputation and trust may be lost as a result of failure to take data protection measures.

We can help you with –

Data processing compliance review

Review of your company’s personal data processing for compliance with GDPR requirements, engaging our IT experts if necessary.

View more

Making recommendations

Making recommendations for application in your day-to-day operations and for improving your day-to-day operations

View more

Developing internal procedures

Developing and improving your company’s internal procedures; preparing a data processing agreement

View more

Training your employees

Organising courses for your employees on various aspects of personal data processing

View more

Appointing data protection specialists

Appointing a certified data protection specialist where this is required by the GDPR

View more

Contact us

Aija Panke

Aija Panke

Senior lawyer

Tel: +371 67094400

Karīna Kļaviņa

Karīna Kļaviņa


Tel: +371 67094400

Follow us