As we have previously informed, the Data State Inspectorate has developed and published guidelines “ Data Protection Impact Assessment ”, which offer a practical and clear approach to identifying and managing risks, helping to understand when and how to conduct a DPA. Another important document has now been created – a list of data processing activities that do not require such an assessment .
This list helps organizations better understand in which cases the risk of data processing is considered low, thus further assessment is not mandatory. It should be emphasized that the list cannot be considered complete, it may be supplemented by including new exceptional cases.
What processing operations do not require a NIDA?
- Processing of employees’ personal data only within the territory of Latvia, if no processing, profiling or systematic monitoring of biometric or genetic data is carried out.
- Processing of patient health data by self-employed medical practitioners, if it does not involve the transfer of data to third countries.
- Processing of personal data by individually practicing lawyers, notaries and bailiffs, if it is related to professional secrecy and there is no systematic transfer of data to third countries.
- Processing of personal data of customers by companies for the provision of services and advertising in the territory of Latvia, if the company’s core business is not related to large-scale data processing or processing of special categories of data.
- Processing of member and donor data by associations and foundations.
- Data processing carried out by apartment owners’ associations and cooperatives related to the management of residential buildings, if it is not carried out on a large scale.
- Processing of physical access control and timekeeping data, if special categories of personal data are not used.
- Breathalyzer tests carried out in the transport sector, if they arise from regulatory enactments and are used to ensure that drivers are not under the influence of alcohol or narcotics.
- Processing of collective applications by local governments, for example, when residents submit a collective application to the local government.
https://www.dvi.gov.lv/lv/jaunums/izstradats-saraksts-ar-apstrades-darbibam-kuram-nida-nav-javeic