Law: Law No XIII-1426 of 30 June 2018 amending Law No I-1374 (only available in Lithuanian here) ('the Law') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: State Data Protection Inspectorate ('VDAI')
Summary: Lithuania implemented the GDPR through the Law. The VDAI has been active in enforcing data protection legislation and in publishing guidelines which address, among other things, biometric data, the processing of personal data in the context of debt collection, as well as security measures and risk assessments. Areas of focus for the VDAI have been biometric data, as indicated by its thorough review of the use of biometric data in sports, strengthening international cooperation, and educating the public in the field of personal data protection. In addition, the VDAI recently published an inspection plan for 2020 where it outlines that it will carry out inspections of at least 50 organisations, including organisations in the financial services and e-commerce sectors.