Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
LATVIA SUPERVISORY AUTHORITY: Does the State Inspectorate have a “database “containing information on the processing of personal data by other persons?

LATVIA SUPERVISORY AUTHORITY: Does the State Inspectorate have a “database “containing information on the processing of personal data by other persons?

The purpose of the State Data Inspectorate is to protect human rights and fundamental freedoms in the field of data protection, to advise citizens and organisations, and to monitor the processing of personal data; therefore, citizens, in accordance with their rights under the General Data Protection Regulation, require the Data State Inspectorate to provide information on which persons processed their personal data, during which period and why.

Does the State Inspectorate have a “database” containing information on the processing of personal data by other persons?

Almost all organizations, using the available technical resources, maintain an information system, another simpler, for example, a system of archiving documents received and sent, Another example in Latvia is the population register managed by the Office for Citizenship and Migration, which collects information about all residents in Latvia. This means that there is no single universal database (system) that would contain information about everything and everyone, but that each organization chooses the most convenient and accessible data processing system.

As you know, in the context of the General Data Protection Regulation, the controller (hereinafter – public and private person) is the one who determines before starting the processing of personal data, which personal data will be processed, for what purposes personal data will be processed, what legal basis will apply and what means will be used to process personal data.

Consequently, in answering this question, the Inspectorate explains that it does not have a single database containing information on the processing of the data of a specific (data subject) by other authorities, companies or other natural persons (data processor).

The Inspectorate, like any other controller of personal data (public or private entity), can provide a person with information only on what personal data he has developed in his information systems, for what purpose and on what legal basis, or by connecting to the information systems of other institutions (such as the Registry for the verification of the address of the declared place of residence to the person who submitted the application to the institution).

Consequently, the State Data Inspectorate cannot be responsible for the processing of personal data carried out by other institutions, companies or individuals.

How to exercise your rights to obtain information about who processed my personal data and why:

Since 25 May 2018, with the direct application of the General Data Protection Regulation, each person has been granted greater control over the processing of their personal data, including the right to know who has processed their personal data and why.

Consequently, if a person knows or has reason to believe that a certain public and private person has processed the data of that person in its computer system or archive, in order to obtain confirmation and information on the processing of his personal data, its purposes (purposes) and to whom information on a person has been transferred, it is necessary to contact the specific public and private maintainer of the system / relevant information package with a request for information. These rights are provided for each person by the regulations.

According to Article 12.3 of the General Data Protection Regulation, a natural or legal person must reply to a request for personal information within one month.

If a person discovers that a natural or legal person does not respect the rights of the person referred to in Articles 15-22 of the General Data Protection Regulation, for example, does not respond to a request or has processed unjustified personal data, the person has the right to lodge a complaint with the Data Inspectorate.

The complaint must be accompanied by documents attesting to the unlawful processing of personal data and that the applicant has exercised his rights under the General Data Protection Regulation (e.g. a copy of the person’s request to the natural or legal person and, if the request is answered, a copy).

The State Data Inspectorate, on the other hand, examines a person’s complaint and exercises the powers conferred on it, for example, reproaches, prohibits the further processing of personal data or imposes an administrative sanction.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA LETTONIA DELLA LETTONIA

Team Privacy & Data Protection
26 March 2021

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

6 March, 2025

LATVIAN SUPERVISORY AUTHORITY: A list of processing operations that are not required to be...

6 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Arion Bank hf.’s processing of personal data for marketing purposes and...

6 March, 2025

GERMAN SUPERVISORY AUTHORITY: BfDI participates in Europe-wide review of the right to erasure

5 March, 2025

DANISH SUPERVISORY AUTHORITY: EDPB launches coordinated action on the right to erasure

5 March, 2025

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

4 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

4 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

4 March, 2025

Android Security Updates (AL02/250304/CSIRT-ITA)

4 March, 2025

Vulnerability in Progress WhatsUp Gold (AL02/240627/CSIRT-ITA) – Update (AL02/240627/CSIRT-ITA)

4 March, 2025

ManageEngine: vulnerability fixed (AL01/250304/CSIRT-ITA)

4 March, 2025

Mautic: Public PoC for CVE-2024-47051 Exploitation (AL02/250303/CSIRT-ITA)

3 March, 2025

CANADIAN SUPERVISORY AUTHORITY: seeks Federal Court order requiring Pornhub operator to comply with Canadian...

3 March, 2025

Security Updates for Synology Products (AL01/250303/CSIRT-ITA)

3 March, 2025

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

28 February, 2025

Vulnerability in PostgreSQL (AL01/250214/CSIRT-ITA)

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

 ITALIAN SUPERVISORY AUTHORITY: a credit rehabilitation company fined for 70 thousand euros

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: ok to telemedicine with more guarantees for personal data

28 February, 2025

Advanced Research