Guidelines prepared for preparation for new legal regulation of personal data protection

Lithuania is preparing for changes in the system of legal regulation of personal data protection.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 2016 April 27 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “General Data Protection Regulation”) will be a document of direct application and will come into force in all Member States of the European Union from May 25th, 2018.

In Lithuania, in addition, certain aspects will be discussed in the Law on Legal Protection of Personal Data.

On June 15, 2017 the project of the Law on Legal Protection of Personal Data (hereinafter referred to as the Project), prepared by the Ministry of Justice, was submitted for the alignment with interested institutions and the public (

The Project discusses specific peculiarities of personal data processing (in the case of personal code, in the context of an employment relationship), the procedure for permission for the transfer of personal data to third countries or international organizations, the institutional structure of the formation of the policy of the Republic of Lithuania in the field of the protection of personal data, and the monitoring of the legal protection of personal data, the legal status of the State Data Protection Inspectorate, as the personal data protection supervisory authority in Lithuania, discussed, its tasks and functions, the principles of operation, rights and duties, powers, a detailed description of the settlement of the violations of personal data privacy is presented: the initiative rights, terms, possible solutions, the procedures for the processing of complaints by the data subjects is described, also the terms and conditions for imposing fines for violations are provided.

It is also worth mentioning that the Working Party, set up under Article 29 of the Directive 95/46 / EC, has drawn up guidelines and recommendations on various subjects of the General Data Protection Regulation to assist businesses, public authorities and people to prepare for new legal regulation of personal data protection.

Currently, there are 3 guidelines available to the public in English (on the right to data portability, on the Data Protection Officers and for identifying a controller or processor’s lead supervisory authority). In the future, the working group is planning to submit guidelines in the Lithuanian language. The Working Party is also developing more recommendations. It is planned during the year 2017 and 2018 to prepare the following recommendations:

Year 2017

Recommendations on impact assessment of data protection;
Recommendations for certification;
Special statement on the consent of the children;
Recommendations for consent;
Guidance on data safety reporting;
Recommendations for international data transmission tools;
Recommendations on the imposition of fines, on urgent procedures, on international cooperation.

Year 2018

Recommendations for transparency.

Newsletter SubscriptionGet in touch