Ask Reggi Your Question Now
Can you summarize Data Protection Act (in English)?
Estonia Laws - Others > Data Protection Act (in English)
Short Summary
The Personal Data Protection Act aims to protect the fundamental rights and freedoms of natural persons in relation to the processing of their personal data, particularly the right to privacy. It applies to all processors of personal data, including natural or legal persons, branches of foreign companies, and state or local government agencies. However, it does not apply to processing of personal data by natural persons for personal purposes or to transmission of personal data through the Estonian territory without any other processing of such data in Estonia. The Act sets out the conditions and procedures for processing personal data, as well as the requirements for state and administrative supervision. It defines personal data as any data concerning an identified or identifiable natural person, and sensitive personal data includes information such as political opinions, ethnic origin, health, and genetic information. The Act establishes principles for processing personal data, including legality, purposefulness, minimalism, restricted use, data quality, security, and individual participation. Processors of personal data are required to adhere to these principles and appoint a person responsible for data protection. The Act also grants data subjects rights to access their personal data, demand correction or deletion of inaccurate data, and seek compensation for damages resulting from violations of their rights. Violation of the Act’s provisions can result in fines of up to 300 fine units for individuals and up to 32,000 euros for legal persons.
Whom does it apply to?
This Act applies to all processors of personal data, including natural or legal persons, branches of foreign companies, and state or local government agencies.
What does it govern?
The aim of this Act is to protect the fundamental rights and freedoms of natural persons upon processing of personal data, above all the right to inviolability of private life.
What are exemptions?
This Act does not apply to processing of personal data by natural persons for personal purposes or to transmission of personal data through the Estonian territory without any other processing of such data in Estonia.
What are the Penalties?
Violation of the obligation to register the processing of sensitive personal data, violation of the requirements regarding security measures to protect personal data, or violation of other requirements for the processing of personal data is punishable by a fine of up to 300 fine units. The same act, if committed by a legal person, is punishable by a fine of up to 32,000 euros.
Jurisdiction
Estonia