Editor's note

International Internet Magazine. Baltic States news & analytics Monday, 20.05.2019, 02:17

Protecting Personal Data

Eugene Eteris, BC, Riga/Copenhagen, 25.05.2018.Print version

At the end of May 2018, a new single set of rules for all EU states on data protection and privacy in electronic communications is coming into effect. The law was adopted in April 2016 and the member states have had two years “to prepare” for including the regulation’s requirements into national legislation.

May 2018 will go into the European history as a “day of personal data protection”: that was the utmost idea of the General Data Protection Regulation initially adopted in on 26 of April 2016. 

The scope of the “protection of natural persons” is a complicated issue: suffice it to say that about one-third of the Regulation’s text (with 99 articles) is devoted to the “description of the problem” in 173 (!) points in its preamble.

As the GDPR’s preamble acknowledges “the regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

On top of all this, the GDPR seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data among the EU states.

Most important is the preamble’s point 6, which describes the urgency of the EU’s actions: “Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.”


A lot of people are still unaware of the data protection importance, e.g. about 23 per cent of Latvians don’t know anything about it.

The Regulation’s text can be seen at:


Important to mention that the “regulation shall be binding in its entirety and directly applicable in all EU states” (art.99).

In view of the new trends in data protection, regulators of the eight Baltic and Nordic countries signed a memorandum in Riga (24.05.2018) on cooperation in spheres of electronic communications.

Reference: http://www.baltic-course.com/eng/Technology/?doc=140278&ins_print.

Russian comments on the Personal Data Protection Regulation can be seen at:



Violations and fines

Particularly severe violations and consequent fines (GDPR, art. 83, p. 5) can be up to €20 million; in corporate cases up to 4% of their total yearly global turnover. Less severe violations (art. 83, p. 4) can be fined for up to €10 million; in corporate cases up to 2% of the yearly turnover. “Globally” is an important addition: Facebook would like to avoid potentially great fines and sanctions by “moving legal address” from Europe to California.

The definition of the “company” can be fined in TFEU, arts. 101-102 as a “unit which exercises a commercial activity… it can consist of one individual company as well as of several natural or legal persons; e.g. a whole group can be treated as one company.

More in Intersoft Consulting at: https://gdpr-info.eu/issues/fines-penalties/

For example, from 25.05.2018, for kids under 13 it’s becoming “problematic” to use Facebook and/or Instagram: they (or their parents) risk of having big fines if detected.

Search site