January 27th The State Data Protection Inspectorate, one of the personal data protection supervisory authorities in Lithuania, organized a data protection day breakfast at the Sapiego Park Convention Center. From the outset, the State Data Protection Inspectorate has contributed to the commemoration of this day, which aims to raise awareness among European citizens of personal data and privacy issues and their rights and of the responsibilities of organizations processing personal data in this area. The State Data Protection Inspectorate invited representatives of the major Lithuanian state institutions, non-governmental organizations, business and associations to the event dedicated to the 14th International Data Protection Day.
According to Raimondas Andrijauskas, Director of the State Data Protection Inspectorate, who welcomed the guests, “Data protection has undergone a major breakthrough in recent years, largely due to the introduction of the General Data Protection Regulation. However, it is important to move forward and take note of the idea expressed by former European Data Protection Supervisor Giovanni Buttarell in the Privacy Vision for Europe 2030 that the General Data Protection Regulation is the highest standard, but that the European Union’s data protection community must prepare for the new 10th anniversary.
The representatives of the State Data Protection Inspectorate presented the present situation of personal data protection in Lithuania to the guests, presenting the results of their activities and their plans for the near future.
2019 A representative study of the Lithuanian population on the protection of personal data showed particularly high awareness rates. For example, as much as 90 percent. Lithuanian SMEs are aware of the General Data Protection Regulation, which sets out the rules for the processing of personal data. The interest of the public and organizations in the wide range of data protection issues can also be witnessed by the number of consultations provided by the supervisory authority – around 4.5 thousand per year.
Both the participants and other public and private stakeholders will be particularly interested in 2020. Inspections planned by the State Data Protection Inspectorate. In doing so, the supervisory authority shall assess certain aspects of the processing of data in companies or public sector bodies and shall issue recommendations or instructions when data protection regulatory inconsistencies are found. These verifications help not only the verifiers but also the sector as a whole to exploit the results of the verifications and to remedy existing shortcomings in the processing of personal data.
Given the signals received last year about the potential risks of the adequacy of the processing of personal data, the It is planned to carry out at least 50 inspections in educational institutions, ministries and their subordinate institutions, e-shops, financial sector. In the latter, checks are scheduled specifically for the provision of payment initiation services.
By the way, one of the more pressing issues of interest to foreign and Lithuanian stakeholders in 2019 is fines for breaches of data security rules. The State Data Protection Inspectorate imposed 6 fines, among other sanctions, such as instructions, reprimands, recommendations. The largest of them was 61.5 thousand. It was specifically earmarked for a payment initiation company. This case is important for Lithuania because this sanction was the first European implementation of the one-stop mechanism provided for in the General Data Protection Regulation, when the company was active in several European Union countries – in this case Lithuania and Latvia.
Changes in society due to the increased importance of personal data protection are to be welcomed, but do not go to extremes. The aim of the organizations processing personal data in the short term should be to develop a new approach to the protection of personal data. The processing of personal data must comply not only with the General Data Protection Regulation but also with general ethical principles and must not restrict competition or harm the legitimate interests of others.