The supervision of personal data protection shall be carried out by Data State Inspectorate, which is subject to the supervision of the Ministry of Justice and operates independently, and permanently fulfilling the functions specified in regulatory enactments, taking the decisions and issuing the administrative acts in accordance with the law.

Data State Inspectorate is a state administration institution whose functions, rights and duties are determined by law. Data State Inspectorate shall be managed by a director who shall be appointed and released from his or her position by the Cabinet of Ministers pursuant to the recommendation of the Minister for Justice.

Duties of Inspectorate:

  • ensure the supervision of compliance regarding personal data protection
  • take decisions and review complaints regarding the protection of personal data, SPAM, electronic communication, etc.
  • register (notify) personal data processing
  • propose and carry out activities aimed at raising the efficiency of personal data protection (e.g. legislation activities)
  • accreditation of trusted electronic signature providers

The Office is authorized to perform supervision over personal data processed by governmental agencies, local government, other public bodies and natural and legal persons and to perform control of automated processing or processing performed by other means.

Powers of Inspectorate:

  • receive information free of charge from any person
  • perform inspections
  • require that data be blocked, that incorrect or unlawfully obtained data be erased or destroyed, or to order a permanent or temporary prohibition of data processing
  • bring an action in court for violations of Personal Data Protection Law
  • cancel a certificate of personal data processing registration
  • impose administrative punishments for violations in personal data processing (warnings, fines, confiscation of personal data processing means)
  • carry out inspection with the purpose to determine compliance of personal data processing with requirements of regulatory enactments in cases when the law bars the system controller from information delivery to the data subject and the corresponding application was received from the data subject
  • freely enter any non-residential premises where personal data processing is located
  • require written or verbal explanations from any person
  • enquire that documents are produced and other information is provided
  • require expertise of a personal data processing
  • request assistance of officials of law enforcement institutions or other experts
Page last updated: June 11, 2013 04:41 PM