The State Data Inspectorate (hereinafter SDPI) in 2020 carried out preventive inspections in state registers or information systems about the personal data range. There were inspectioned 10 state registers or information systems with different data controllers of personal data of the Ministry in the Republic of Lithuania.
Investigations were carried out according to the form realized by the State Personal Data Protection Inspectorate for those investigations and after effective audits on the spot on the lawfulness of the personal data processing.
Inspections have underlined the following weaknesses of registers and information systems:
One information system was found to be no longer working, so it is important to note that in this case the system must be liquidated.
- 1 of the audited information systems has not correctly implemented the principle of data reduction, as it processes personal data not provided for by its legislation.
- 3 Inadequate applications of the principle of conservation time limitation.
- 2 did not have a documented procedure for the destruction of data.
- 4 have not correctly implemented the principle of data minimisation for the transfer of personal data to third parties.
Among other things, the SDPI, after conducting inspections, supported the establishment of legal rules on the scope of personal data processed for the purposes of terrorist financing and the prevention of money laundering and credit assessment.Valstybes registru ir IS 2020 m_ tikrinimai del asmens duomenu apimties 2021-03-15