Home

isikuandmete

Isikuandmete, or personal data, refers to any information relating to an identified or identifiable natural person. This includes direct identifiers such as name, address, telephone number, and national ID, as well as indirect identifiers like online identifiers, location data, or a combination of data that could reveal a person’s identity. Data about an individual’s health, genetic or biometric data, political opinions, religion, or sexual orientation are considered more sensitive and require stronger protection. Data that has been truly anonymized is not classified as isikuandmed.

In the European Union and Estonia, isikuandmete protection is governed by the General Data Protection Regulation

Key players in handling isikuandmed are data controllers and data processors. They must provide clear information

Data subjects have rights to access, rectify, erase, restrict processing, object, and request data portability. They

Transfers of isikuandmed across borders are permitted under GDPR safeguards, including adequacy decisions and appropriate protections

(GDPR)
and
national
laws
such
as
Estonia’s
Personal
Data
Protection
Act.
Processing
is
allowed
only
under
a
lawful
basis,
such
as
consent,
performance
of
a
contract,
legal
obligation,
vital
interests,
public
task,
or
legitimate
interests.
Special
categories
of
data
receive
heightened
safeguards
and
usually
require
explicit
consent
or
another
strong
justification.
to
data
subjects,
ensure
data
minimization
and
purpose
limitation,
and
implement
appropriate
security
measures.
Common
measures
include
pseudonymization,
encryption,
access
controls,
and
regular
security
assessments.
High-risk
processing
may
require
a
data
protection
impact
assessment,
and
organizations
may
appoint
a
data
protection
officer
where
appropriate.
can
withdraw
consent
where
consent
is
the
lawful
basis.
Complaints
can
be
lodged
with
the
national
supervisory
authority,
such
as
Estonia’s
Andmekaitse
Inspektsioon,
for
alleged
violations.
like
Standard
Contractual
Clauses.
Data
retention
should
align
with
the
purposes
of
processing
and
limit
unnecessary
storage.