GDPR shapes Estonia’s DP law

While Estonia’s legal system does not allow for GDPR-style fines, there are now attempts to rectify this gap. Organisations are still getting to grips with the new provisions. By Margot Arnus of WALLESS, Estonia.

Estonia’s Personal Data Protection Act (the PDPA) was adopted on 12 December 2018. The PDPA contains some derogations from the General Data Protection Regulation (the GDPR) but is mainly intended to implement the so called Law Enforcement Directive (EU) 2016/680. Since the entry into force of both the GDPR and the PDPA, companies in Estonia have been working towards achieving compliance with data protection principles. Local companies are beginning to understand slowly but surely the importance of minimising unlawful processing and of complying with obligations stipulated in privacy laws.

This article focuses on the derogations Estonia has adopted, the issues addressed in procedural practices of the supervisory authority — the Data Protection Inspectorate (the DPI) — and options for implementing the administrative fines to strengthen the enforcement of the rules of the GDPR.

Continue reading

International Report subscribers please login to access the full article.

If you wish to subscribe please see our subscription information.