Accounting, Payroll, Tax & Legal since 1989


General Data Protection Regulation (hereinafter – GDPR) applicable for more than a year contributed to innovations in a daily business activity. Companies implemented technical and organizational measures and new policies, related to processing of personal data, reviewed processes of personal data processing. However, question comes whether all companies performed required actions?

On May 2019 Data Protection Inspectorate (hereinafter – DPI) issued a fine equal to EUR 61.500 for the breaches of GDPR. DPI discovered breaches of three articles of GDPR. The completed investigation showed crucial position of DPI - companies shall not only to prepare required documentation but also strictly respect the rules set out in the policies.

Significant fines were also issued in other countries, i.e. in French, Spain, Germany, Poland, Austria, Bulgaria, Cyprus and Malta.

Although it is emphasized that issuance of the fines is not a priority of supervisory authority, nevertheless the companies which made no actions to implement GDPR requirements shall consider potential consequences.

Further You can see what essential actions companies shall undertake to avoid fines related to GDPR.

1.       To perform internal audit on what type of personal data is processed, how and for what period this personal data is being kept. Moreover, to analyse whether personal data is processed under appropriate purposes and also to identify whether ground of processing is legal.


2.       To prepare internal documents, e.g.: 

·         Personal data processing policy;

·         Agreement with the data processor;

·         Declaration of confidentiality;

·         Procedure for responding to requests from data subjects;

·         Procedure for responding to personal data security breaches;

·         Procedure for evaluation of impact to personal data;

·         Records of data processing activities;

·     In case the company’s territory or premises are monitored by surveillance cameras –documentation related to video surveillance also needs to be prepared.


3.       To inform employees about implemented internal rules/ policies and to perform periodical maintenance due to compliance of the procedures.


In case all aforementioned procedures are introduced, the company can calmly wait for any investigation of DPI which are organized more often each year.


Please be informed that Leinonen team can help You to prepare documents related to implementation of GDPR requirements as well as to provide related legal comments. 


Information was prepared by Leinonen Lithuania Legal Team.



linkedin icon image logo
Živilė Mikolaitienė

Živilė Mikolaitienė

Senior Legal Advisor

Add Profession Translation

Mobile: +370 656 73318

Email: zivile.mikolaitiene(at)

Latest articles



International Payroll - Successfully operating globally with minimal...



State aid for salary in Lithuania



Updated rules and restrictions for Quarantine