Jekaterina Macuka, Director of the Latvian Data State Inspectorate recently addressed our members on the role of the national data supervisory authority in shaping EU-wide legislation, lessons learned from the GDPR enforcement and the development of new data transfer agreements with the U.S. 

Ms. Macuka explained that the Data State Inspectorate is working on raising public awareness related to new recommendations and guidelines and sharing more information in the media. They are also focusing on review of organizational activities and legislative regulation by improving the system on data breaches and legislation on investigative powers.

Under the GDPR all the member states of the EU have uniform protection of personal data and personal privacy. Transfers of personal data to third countries are determined by Chapter V of the GDPR and in some cases derogations determined by Article 49 might be used. Ms. Macuka gave specific examples of when Article 49 could be applied.

As of January 2020 EDPB has issued recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. If personal data is transfered to third countries, regions or sectors covered by a Commission adequacy decision, it is not necessary to take any further steps. However, it is important to monitor if adequacy decisions relevant to transfers are revoked or invalidated.

According to Ms. Macuka, a six months transition period will be granted to prepare all adequacy decisions on the new data transfer agreements with the U.S. and UK.

In an interactive discussion the Director of DSI took a number of questions from members. We would like to thank all members for their active participation and Ms. Macuka for engaging with us on this important topic!