andmekaitseseadusi
Andmekaitseseadus is the Estonian data protection law that governs the processing of personal data. It provides the national framework for privacy protection in both public and private sectors and implements European Union data protection rules, including the GDPR, within Estonia. The Act defines personal data, processing activities, and the roles of data controllers and processors.
The law establishes core processing principles, such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy,
Controllers and processors must implement data protection by design and by default, maintain records of processing
Enforcement is carried out by the Data Protection Inspectorate (Andmekaitse Inspektsioon). The authority monitors compliance, provides