Will the Data State Inspectorate visit clients without warning and perform raids?
Now the Latvian government is reviewing the Latvian Personal Data Processing law which lists the functions and the authority of the Data State Inspectorate in detail. The current draft states that:
- The Inspectorate is an independent institution and it carries out its duties independently;
- The Inspectorate has the rights stated in Article 58 of the General Data Protection Regulation, thus, the Inspectorate can perform raids, visit publicly or privately owned premises, carry out inspections or other activities to determine – within the Inspectorate’s competences – normative act compliance of the persons under investigation. Upon visit, the employees of the Inspectorate must show their IDs and can visit any non-residential spaces. Likewise, the Inspectorate can freely learn and access any information on its registers, information systems and data bases.
During the raid, the employees have the rights to visit the place where data processing is performed by showing a written warrant which includes the subject and the purpose of the raid, and carry out the necessary activities. The Inspectorate employees must inform company representatives and employees about their rights, but legally they are not required to warn about raids.
Be sure to prepare your company for GDPR!