Bulgaria’s new data protection law enters into force

Bulgaria’s GDPR implementing law entered into force on 2 March 2019. The Law on Amending and Supplementing the Law on Personal Data Protection (LASLPDP) modernises the original data Protection Act from 2002.

LASLPDP was adopted on 20 February 2019. As the Bulgarian legislator has refrained from repeating and replicating GDPR provisions in the national law, it has to be read in conjunction with the GDPR. The law also transposes the Law Enforcement Directive.

The Bulgarian legislator has chosen the age of 14 for the age of consent for children when using online services.

Plamen Angelov, Director for Legal Affairs and International Cooperation at Bulgaria’s Data Protection Authority said, in his personal capacity : ‘The amended act regulates a number of specific processing situations, including processing for journalistic purposes and for academic, artistic or literary expression; certain aspects of processing in the context of employment; safeguards and security measures related to the national identification number; derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes as well as processing by humanitarian organisations and public authorities in cases of natural or man-made disasters. Furthermore, in line with the long-established practice of the national supervisory authority, the amended law restricts the possibility for copying identity documents without specific authorization laid down in a legal act.’

See LASLPDP in full (as published Bulgaria's Official Journal). There is not yet an English translation of the law.