Andmekaitseõiguse
Andmekaitseõigus refers to the legal framework governing the protection of personal data. In Estonia, this field is primarily regulated by the General Data Protection Regulation (GDPR) of the European Union, which is directly applicable, and the Estonian Data Protection Act (Isikuandmete kaitse seadus). These laws establish a set of rules and principles that organizations must follow when collecting, processing, storing, and transferring personal data of individuals.
The core principles of data protection include lawfulness, fairness, and transparency, purpose limitation, data minimization, accuracy,
Organizations processing personal data are obligated to implement appropriate technical and organizational measures to ensure the