About the dispute
We advised an e-commerce company in their dispute with the Latvian State Data Inspectorate (the Latvian data protection authority) concerning non-compliance with the General Data Protection Regulation (GDPR). The instance of non-compliance in question was unintentional; however, it was a potentially serious GDPR breach that could have resulted in a penalty of over 4% of the client’s total worldwide annual turnover. Naturally, this was a very worrying matter for the client, especially taking into account that the Latvian data protection authority has gradually moved towards applying greater penalties. A recent case saw the authority apply a penalty of EUR 150,000 to a local company that had breached data protection requirements.
The administrative proceedings
We advised the client throughout the administrative proceedings with the authority. Our assistance included answering the authority’s requests, preparing and submitting evidence to the authority, advising the client on how to remedy the data protection breach, and drafting the necessary documents to ensure future compliance with data protection requirements. We also represented the client before the authority and filed explanations on the client’s behalf arguing for reduced penalties for the breaches and several mitigating circumstances. This resulted in the authority applying a significantly lower penalty than was stipulated by the applicable law (the total penalty was below EUR 5,000). Overall, this was a very successful outcome for our client, who of course afterwards remedied the non-compliance and increased their vigilance on matters of data protection.