Support Centre



Law: Personal Data Processing Law of 21 June 2018 ('the Law') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: Data State Inspectorate ('DVI')

Summary: The DVI is responsible for enforcing the Law and for providing guidance on the GDPR. To date, the DVI has issued guidance on, among other things, data processing in the context of SMEs, and the protection of health information. In addition, Latvia implemented the Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680) into national law on 5 August 2019. Another key regulator in Latvia is the Board of the Financial and Capital Market Commission ('FCMC') which has taken enforcement action with regards to anti-money laundering and countering the financing of terrorism ('AML/CFT').


The Data State Inspectorate ('DVI') published, on 16 March 2022, guidelines for using cookies on websites1 ('the Cookie Guidelines') and a model cookie policy2. The Cookie Guidelines are very comprehensive and discuss among other things, consent, consent exemptions, transparency obligations and cookie consent mechanism while also outlining different types of cookies. OneTrust DataGuidance summarises the key points from the Cookie Guidelines.