Law: Personal Data Processing Law of 21 June 2018 ('the Law') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: Data State Inspectorate ('DVI')
Summary: The DVI is responsible for enforcing the Law and for providing guidance on the GDPR. To date, the DVI has issued guidance on, among other things, data processing in the context of SMEs, and the protection of health information. In addition, Latvia implemented the Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680) into national law on 5 August 2019. Another key regulator in Latvia is the Board of the Financial and Capital Market Commission ('FCMC') which has taken enforcement action with regards to anti-money laundering and countering the financing of terrorism ('AML/CFT').