Substantial amendments to the Administrative Offences Code, adopted on 24 July 2008, became effective on 7 August 2008, imposing more serious sanctions regarding certain administrative offences (for example, against violating the Personal Data Protection Law).

      The Code imposes administrative liability for unlawfully processing an individual’s personal data. The amendments increase sanctions for failure to provide necessary information to the data subject, for operating an unregistered personal data processing system and also for failure to submit information to undertake the necessary accreditation by the Inspectorate.

      Under the Code, a legal person unlawfully processing personal data is liable to a warning or a fi ne of between LVL 100 and LVL 1,000.

      Failing to provide necessary information to a data subject incurs a penalty up to LVL 250, if information was obtained from a data subject or if the offence was committed while obtaining or revealing information to a third person for the fi rst time, and the information was not obtained from the data subject.

      A similar fi ne may be imposed if a person liable has failed to register a personal data processing system or necessary changes in the system, or to submit information to the Inspectorate, or to undertake necessary accreditation.