Study visit “Mechanisms for exercising control and establishing pecuniary sanctions”

       Between January 19 and 21, representatives of the National Center for Personal Data Protection (NCPDP) conducted a study visit entitled “Mechanisms for exercising control and establishing pecuniary sanctions”, held in the Republic of Estonia.

       The purpose of the event was to adopt european best practices regarding control mechanisms, the application of corrective measures and the establishment of pecuniary sanctions in the field of personal data protection, as well as to strengthen the professional capacities of NCPDP employees in the context of the development of european digital law and digital transformation.

       The visit agenda included working sessions and meetings with relevant institutions in Estonia, opening with a presentation by the e-Governance Academy (eGA), focused on the impact of e-governance projects at the international level, the activities carried out in the Republic of Moldova and the objectives of the study visit program.

       At the same time, the NCPDP delegation had a meeting with representatives of the State Information Systems Authority (RIA), the institution responsible for managing critical IT services at the national level.

       The discussions focused on the management of cyber incidents involving personal data, as well as inter-institutional cooperation in the field of cybersecurity and personal data protection.

       An important point of the visit was the meeting with representatives of the Estonian Data Protection Inspectorate, during which aspects related to institutional control mechanisms and supervisory procedures were analyzed, including planning and prioritizing inspections based on risk criteria, types of controls performed (on-site inspections, documentary checks, thematic investigations), initiating investigations based on complaints, self-referrals, as well as internal cooperation between investigative, legal and IT structures.

       At the same time, the discussions focused on the procedures for finding violations and applying pecuniary sanctions, including the stages of the sanctioning process, the criteria for assessing the seriousness of the facts, the application of the principle of proportionality, the mechanisms for calculating fines, the means of appeal, the collection and enforcement of sanctions, inter-institutional and cross-border cooperation, the use of digital tools in supervision, preventive and educational measures, as well as good practices and lessons learned from relevant cases handled by the Estonian authority.

       The agenda also included a meeting with representatives of the Chancellor of Justice Office of Estonia, addressing topics related to the role and powers of this institution, its involvement in procedures aimed at the protection of personal data and the use of digital technologies in the exercise of the institutional mandate.

       The study visit provided a valuable framework for the exchange of experience, the analysis of advanced practices and the consolidation of institutional cooperation, contributing to strengthening the capacities of the NCPDP for the effective enforcement of personal data protection legislation.

       The study visit was organized with the support of the EU’s Cybersecurity Rapid Assistance 2.0 project, implemented by the Estonian E-Government Academy.