Last year, the State Data Inspectorate (GDI) received 1,034 complaints about violations of personal data processing, including cases of unjustified access to e-health system data, publication of police-held data in chats, illegal video surveillance of employees in the break room, and other violations, according to the GDI report for 2025, as reported by LETA.
Last year, the inspection conducted 1,396 checks, including in 266 cases initiated in-depth inspections, during which 143 violations were identified. In 62 cases, corrective measures were applied, in 50 cases violations were rectified during the inspection, and 17 cases were closed as insignificant.
The inspection notes that the increase in the number of checks is explained by the heightened attention of residents to data security. Complaints mainly concern individual cases rather than systemic violations.
Last year, the most frequent complaints were about the processing of personal data on social media and websites. The second most common area was video surveillance, where requirements for informing individuals are often not met or filming is conducted over a wider area than necessary.
There was also an increase in complaints about data processing in the information systems of government institutions. In this area, 125 complaints were received, including about unjustified access to data in the e-health system.
Overall, the Data Inspectorate applied corrective measures in 62 cases, and in cases of administrative offenses, made seven decisions, five of which imposed fines for violations of data protection regulations. The total amount of fines was €326,400, with individual fines ranging from €150 to €300,000.
In reviewing cases of personal data processing in the e-health system, the Data Inspectorate found that medical professionals used the system to view health records of their relatives and other individuals, including colleagues, for personal purposes.
In these cases, violations of data protection regulations were recorded, and in most cases, corrective measures were applied to medical professionals, and reprimands were issued, while in one case, an administrative fine of €250 was imposed.
In turn, in the case of personal data processing in the information systems of the State Police, the Data Inspectorate established that a police officer obtained third-party data and later published it in a closed "Discord" chat. A fine of €150 was imposed for this violation.
The Data Inspectorate also received information about possible illegal processing of personal data in the workplace, where a surveillance camera was installed in the employees' break room.
As reported, last autumn, the Data Inspectorate imposed a fine of €300,000 on "ZZ Dats" in connection with a leak of municipal data identified in 2024, however, the company appealed this decision in court.
