Latvia DPA Lists Activities Not Subject to Data Protection Assessments
The Latvian Data State Inspectorate published a list of data processing activities that don't require data protection assessments. The guidelines aim to give organizations a practical and clear approach to risk identification and management, the privacy watchdog said.
Sign up for a free preview to unlock the rest of this article
Activities that don't need an assessment include processing employee personal data only within Latvia as long as the processing doesn't involve profiling or monitoring or biometric or genetic data, the inspectorate said. Also excluded is the processing of patients' health data by self-employed medics if it doesn't involve the transfer of data to third countries.
In addition, personal data processed by such people as notaries and bailiffs is exempt if it's related to professional secrecy and doesn't involve systematic transmission of the data to third countries, the watchdog said. Data processing of members and donors of associations and foundations is also exempt, as is processing by associations and cooperatives of apartment owners if not carried out on a large scale.
Other exclusions include: (1) Processing of physical access control and working time recording data if special categories of personal data aren't used. (2) Alcometer inspections performed in the transport sector, if they are required by rules and are used to ensure that drivers aren't under the influence of alcohol or narcotics.