Comparative analysis of financial penalties for data breach under GDPR among Baltic States

Abstract

The current thesis examines the penalty enforcement practices and the most common data breach causes in the Baltic States, by particularly focusing on Latvian, Lithuanian and Estonian cases from 2020 to 2022 with full text and final decisions available. Although the GDPR regulation is the same for all of the EU and Baltic countries the amount of fines varies significiantly not only between Baltic Staes but also in the EU countries. The thesis examines the regulatory compliance mechanisms, the most common data breach types of each Baltic country and applies ENISA data breach severity measurement guidelines for data breach severity assessment. Current thesis reveals the significant differences in penalty enforcement styles among the Baltic countries that vary from preliminary warnings in Estonia to direct and hight penalty imposement in Latvia for the GDPR violations. Thesis emphasizes the importance of the Data Protection Authorities, compliance methods and legal frameworks in formation of different approach formulation while applying the GDPR in practice.