Five years have passed since the introduction of the General Data Protection Regulation. During this time, the population has become more knowledgeable and careful about protecting their personal information. But there is still room for improvements in the attitudes of merchants to privacy policy.
“Entrepreneurs are demanding too much data, and then they cannot explain why they need it,” said Jekaterina Macuka, director of the State Data Inspectorate.
For example, when you purchase a delivery item in Internet stores, it is often not possible to order if the customer does not enter his or her home address. Customer loyalty cards, on the other hand, require a personal identity number, even though it is neither verified nor used to provide the service.
Therefore, the Data Inspectorate, in cooperation with the Latvian Chamber of Commerce and Industry (LTRK), will launch an educational campaign that will train entrepreneurs to provide the most convenient and secure privacy policy for themselves and the customer within the framework of the regulation.
"We will have both articles and recommendations. The articles will be in the media – our home page, LinkedIn, and Facebook. We will also organize seminars for entrepreneurs, both in Rīga and in the regions,” Macuka said.
If a person is concerned that the company is unduly willing to obtain private data, it is first recommended to ask the merchant for an explanation as to why it needs the ID number, home address, photograph, or other private data. If the explanation is not satisfactory, one may turn to the Data Inspectorate.
Last year, approximately 1,000 complaints about non-compliance with the data regulation have been received by the Inspectorate. In 234 cases, warnings, reprimands, or data processing restrictions were applied. In 15 cases there have also been penalties ranging from a few hundred to €1.2 million.