Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Latvia: DVI publishes guidance on DPO's functions and tasks

The Data State Inspectorate ('DVI') published, on 19 August 2022, guidance on the tasks and functions of the data protection officer ('DPO'), following the release of separate guidance on the same topic on 12 August 2022. In particular, the guidance notes that a DPO's primary function is to be the organisation's leading consultant on personal data protection issues. In addition, the guidance outlines that the organisation should note that, similar to an auditor, the DPO will provide the organisation with their independent assessment of the organisation's existing or planned data processing. In addition, the guidance states that in order to achieve this the DPO must, in particular, address the organisation's planned and already implemented personal data processing activities and check and analyse the compliance of these activities with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

Furthermore, the guidance provides that the DPO should inform the organisation's management of the findings and, if necessary, make recommendations and suggestions on how to improve the processing and protection of personal data in the organisation. However, the guidance highlights that the final decision on the actions to be taken is at the discretion of the management of the organisation, but the opinion of the DPO should be taken into account in the decision on the planned processing of personal data. Lastly, the guidance notes that the DPO's main tasks are related to monitoring the compliance of the organisation's activities with the GDPR and to achieve this purpose, an organisation could assign to the DPO duties similar to those of an internal auditor, but in a highly specialised area which is the protection of personal data.

You can read the guidance, only available in Latvian, here.