{"id":166,"date":"2026-01-20T00:00:00","date_gmt":"2026-01-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/lv\/gdpr-atbilstibas-kontrolsaraksts-vietnu-ipasniekiem\/"},"modified":"2026-01-20T00:00:00","modified_gmt":"2026-01-19T23:00:00","slug":"gdpr-atbilstibas-kontrolsaraksts-vietnu-ipasniekiem","status":"publish","type":"post","link":"https:\/\/helloblog.io\/lv\/gdpr-atbilstibas-kontrolsaraksts-vietnu-ipasniekiem\/","title":{"rendered":"GDPR atbilst\u012bbas kontrolsaraksts viet\u0146u \u012bpa\u0161niekiem: pilna praktisk\u0101 rokasgr\u0101mata"},"content":{"rendered":"\n

GDPR (General Data Protection Regulation) joproj\u0101m ir viena no stingr\u0101kaj\u0101m un visaptvero\u0161\u0101kaj\u0101m datu priv\u0101tuma sist\u0113m\u0101m pasaul\u0113. Ja tu apstr\u0101d\u0101 ES iedz\u012bvot\u0101ju personas datus \u2014 neatkar\u012bgi no t\u0101, vai vadi mazu blogu, e-veikalu vai SaaS \u2014 atbilst\u012bba nav izv\u0113les lieta. Neatbilst\u012bbas gad\u012bjum\u0101 sods var sasniegt l\u012bdz 20 miljoniem \u20ac vai 4% no glob\u0101l\u0101 gada apgroz\u012bjuma<\/strong> (atkar\u012bb\u0101 no t\u0101, kur\u0161 skaitlis ir liel\u0101ks).<\/p>\n\n\n\n

\u0160aj\u0101 rakst\u0101 es salieku vien\u0101 viet\u0101 pilnu GDPR atbilst\u012bbas kontrolsarakstu<\/strong> viet\u0146u \u012bpa\u0161niekiem un izstr\u0101d\u0101t\u0101jiem: kas ir j\u0101sak\u0101rto datos, procesos, piekri\u0161an\u0101s meh\u0101nismos, lietot\u0101ju ties\u012bbu izpild\u0113, k\u0101 ar\u012b ko \u012bpa\u0161i p\u0101rbaud\u012bt WordPress vid\u0113. Katr\u0101 sada\u013c\u0101 saglab\u0101ju ar\u012b atsauces uz atbilsto\u0161ajiem GDPR pantiem (Article 6, 7, 12, 13 u.c.), lai ir viegl\u0101k piesiet pras\u012bbas konkr\u0113tam normat\u012bvajam pamatojumam.<\/p>\n\n\n\n

Kas ir GDPR (un uz ko tas attiecas)?<\/h2>\n\n\n\n

GDPR<\/strong> ir Eiropas Savien\u012bbas regula, kas ir sp\u0113k\u0101 kop\u0161 2018. gada 25. maija<\/strong>. T\u0101 defin\u0113, k\u0101 organiz\u0101cijas dr\u012bkst v\u0101kt, izmantot, glab\u0101t un nodot t\u0101l\u0101k personas datus<\/strong>. B\u016btiski: GDPR attiecas ne tikai uz uz\u0146\u0113mumiem ES, bet ar\u012b uz organiz\u0101cij\u0101m \u0101rpus ES, ja t\u0101s apstr\u0101d\u0101 ES iedz\u012bvot\u0101ju personas datus.<\/p>\n\n\n\n

Pirms s\u0101c: saproti savu lomu (Controller\/Processor)<\/h2>\n\n\n\n

GDPR terminolo\u0123ija viet\u0146u pasaul\u0113 bie\u017ei \u0161\u0137iet \u201cjuridiska\u201d, bet tehniskaj\u0101 praks\u0113 t\u0101 pal\u012bdz saprast atbild\u012bbu robe\u017eas.<\/p>\n\n\n\n

    \n\n
  • Data Controller<\/strong> (p\u0101rzinis): organiz\u0101cija, kas nosaka, k\u0101p\u0113c<\/em> un k\u0101<\/em> personas dati tiks apstr\u0101d\u0101ti. Parasti tas ir vietnes\/biznesa \u012bpa\u0161nieks, kas lemj par form\u0101m, m\u0101rketingu, anal\u012btiku u.tml. P\u0101rzinim ir prim\u0101r\u0101 atbild\u012bba par atbilst\u012bbu.<\/li>\n\n\n
  • Data Processor<\/strong> (apstr\u0101d\u0101t\u0101js): tre\u0161\u0101 puse, kas apstr\u0101d\u0101 datus p\u0101rzi\u0146a v\u0101rd\u0101 (piem., hostings, e-pasta s\u016bt\u012b\u0161anas serviss, CRM). Ar\u012b apstr\u0101d\u0101t\u0101jam j\u0101ievie\u0161 atbilsto\u0161i tehniskie un organizatoriskie pas\u0101kumi.<\/li>\n\n\n
  • Data Subject<\/strong> (datu subjekts): persona, kuras dati tiek apstr\u0101d\u0101ti. GDPR m\u0113r\u0137is ir aizsarg\u0101t tie\u0161i datu subjekta ties\u012bbas.<\/li>\n\n<\/ul>\n\n\n\n

    Svar\u012bga nianse: vien\u0101 biznes\u0101 tu vari b\u016bt gan p\u0101rzinis, gan apstr\u0101d\u0101t\u0101js (atkar\u012bb\u0101 no konkr\u0113t\u0101 datu pl\u016bsmas scen\u0101rija).<\/p>\n\n\n\n

    7 GDPR pamatprincipi, kas j\u0101\u0146em v\u0113r\u0101 visur<\/h2>\n\n\n\n

    Pirms \u0137eries pie kontrolsaraksta, ir v\u0113rts nostiprin\u0101t b\u0101zi \u2014 \u0161ie 7 principi praktiski nosaka, k\u0101 \u201cpareizi\u201d dizain\u0113t datu pl\u016bsmas, UI un procesus:<\/p>\n\n\n\n

      \n\n
    1. Lawfulness, fairness, and transparency<\/strong>: apstr\u0101d\u0101 datus likum\u012bgi un godpr\u0101t\u012bgi, un skaidri inform\u0113 cilv\u0113kus, k\u0101p\u0113c un k\u0101 dati tiks lietoti.<\/li>\n\n\n
    2. Purpose limitation<\/strong>: v\u0101c datus tikai konkr\u0113tam, le\u0123it\u012bmam m\u0113r\u0137im.<\/li>\n\n\n
    3. Data minimization<\/strong>: v\u0101c tikai minimumu, kas ir nepiecie\u0161ams.<\/li>\n\n\n
    4. Accuracy<\/strong>: dati j\u0101uztur prec\u012bzi un aktu\u0101li.<\/li>\n\n\n
    5. Storage limitation<\/strong>: neglab\u0101 ilg\u0101k, nek\u0101 nepiecie\u0161ams.<\/li>\n\n\n
    6. Integrity and confidentiality<\/strong>: aizsarg\u0101 datus pret nesankcion\u0113tu piek\u013cuvi ar atbilsto\u0161iem dro\u0161\u012bbas pas\u0101kumiem.<\/li>\n\n\n
    7. Accountability<\/strong>: sp\u0113j pier\u0101d\u012bt, ka iev\u0113ro atbilst\u012bbu (ne tikai \u201cdom\u0101, ka iev\u0113ro\u201d).<\/li>\n\n<\/ol>\n\n\n\n

      Pilns GDPR atbilst\u012bbas kontrolsaraksts (ar pantiem)<\/h2>\n\n\n\n

      Dati<\/h3>\n\n\n\n

      1) Tev ir saraksts ar visiem personas datu tipiem, avotiem, koplieto\u0161anu, nol\u016bkiem un glab\u0101\u0161anas termi\u0146iem (Controller, Processor<\/em>)<\/h4>\n\n\n\n

      Praktiski tas noz\u012bm\u0113: uzskaiti nevis tikai \u201cmums ir lietot\u0101ji\u201d, bet konkr\u0113tos datu laukus (kolonnas) \u2014 piem\u0113ram, v\u0101rds, e-pasts, adrese, identifikatori utt. Katram tipam dokument\u0113: no kurienes tas n\u0101k, ar ko dalies, ko tie\u0161i dari ar \u0161o datu tipu un cik ilgi glab\u0101si.<\/p>\n\n\n\n

      Reference:<\/strong> GDPR Article 30 \u2013 Records of processing activities<\/strong><\/p>\n\n\n\n

      2) Tev ir saraksts ar viet\u0101m, kur glab\u0101 personas datus, un datu pl\u016bsma starp t\u0101m (Controller, Processor<\/em>)<\/h4>\n\n\n\n

      \u0160eit ietilpst gan klasisk\u0101s datub\u0101zes (piem., MySQL), gan \u0101r\u0113jie servisi, gan ar\u012b offline glab\u0101tuves (piem., pap\u012bra dokumenti). Galvenais \u2014 saprast, kur dati re\u0101li \u201cdz\u012bvo\u201d un k\u0101 tie p\u0101rvietojas.<\/p>\n\n\n\n

      Reference:<\/strong> GDPR Article 30 \u2013 Records of processing activities<\/strong><\/p>\n\n\n\n

      3) Tev ir publiski pieejama Privacy Policy, kas apraksta visus procesus ar personas datiem (Controller, Processor<\/em>)<\/h4>\n\n\n\n

      Priv\u0101tuma politik\u0101 ir j\u0101atspogu\u013co visi procesi, kas skar personas datu apstr\u0101di. Taj\u0101 j\u0101iek\u013cauj (vai j\u0101ieliek saites uz) datu tipi, kurus glab\u0101, un vietas\/sist\u0113mas, kur tie tiek glab\u0101ti.<\/p>\n\n\n\n

      Reference:<\/strong> GDPR Article 30 \u2013 Records of processing activities<\/strong><\/p>\n\n\n\n

      4) Priv\u0101tuma politik\u0101 ir nor\u0101d\u012bts likum\u012bgais pamats (lawful basis), k\u0101p\u0113c apstr\u0101d\u0101 personas datus (Controller<\/em>)<\/h4>\n\n\n\n

      Tev ir j\u0101sp\u0113j izskaidrot \u201ck\u0101p\u0113c mums tas ir vajadz\u012bgs\u201d juridisk\u0101 noz\u012bm\u0113 \u2014 piem\u0113ram, l\u012bguma izpilde (pas\u016bt\u012bjuma apstr\u0101de), le\u0123it\u012bm\u0101s intereses utt.<\/p>\n\n\n\n

      Reference:<\/strong> GDPR Article 6 \u2013 Lawfulness of processing<\/strong><\/p>\n\n\n\n

      Atbild\u012bba un p\u0101rvald\u012bba (Accountability & Management)<\/h3>\n\n\n\n

      5) Ir iecelts DPO (Data Protection Officer) tad, ja tas ir oblig\u0101ti (Controller, Processor<\/em>)<\/h4>\n\n\n\n

      DPO (datu aizsardz\u012bbas speci\u0101lists) ir oblig\u0101ts tikai 3 gad\u012bjumos:<\/p>\n\n\n\n

        \n\n
      1. Apstr\u0101di veic valsts iest\u0101de vai instit\u016bcija (iz\u0146emot tiesas, kas darbojas tiesu varas ietvaros).<\/li>\n\n\n
      2. Biznesa pamatdarb\u012bbas ietver apstr\u0101di, kas p\u0113c b\u016bt\u012bbas, apjoma un\/vai m\u0113r\u0137a prasa regul\u0101ru un sistem\u0101tisku datu subjektu uzraudz\u012bbu liel\u0101 m\u0113rog\u0101.<\/li>\n\n\n
      3. Biznesa pamatdarb\u012bbas ietver liel\u0101 m\u0113rog\u0101 \u012bpa\u0161u kategoriju (sensit\u012bvu) datu apstr\u0101di saska\u0146\u0101 ar Article 9<\/strong>, k\u0101 ar\u012b personas datus par sod\u0101m\u012bbu un p\u0101rk\u0101pumiem saska\u0146\u0101 ar Article 10<\/strong>.<\/li>\n\n<\/ol>\n\n\n\n

        Ja DPO ir vajadz\u012bgs, vi\u0146am j\u0101orient\u0113jas GDPR vadl\u012bnij\u0101s un ar\u012b j\u0101saprot iek\u0161\u0113jie procesi, kuros tiek lietoti personas dati.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 37 \u2013 Designation of the data protection officer<\/strong><\/p>\n\n\n\n

        6) L\u0113mumu pie\u0146\u0113m\u0113jiem organiz\u0101cij\u0101 ir izpratne par GDPR pras\u012bb\u0101m (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Tehniski pareizi risin\u0101jumi bie\u017ei \u201csal\u016bzt\u201d pie biznesa l\u0113mumiem (m\u0101rketings, integr\u0101cijas, datu eksports). T\u0101p\u0113c atsl\u0113gas cilv\u0113kiem zin\u0101\u0161an\u0101m j\u0101b\u016bt aktu\u0101l\u0101m.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 25 \u2013 Data protection by design and by default<\/strong><\/p>\n\n\n\n

        7) Tehnisk\u0101 dro\u0161\u012bba ir atjaunin\u0101ta un atbilst m\u016bsdienu l\u012bmenim (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        SaaS un t\u012bmek\u013ca produktiem parasti ir v\u0113rts balst\u012bties uz dro\u0161\u012bbas checklist\u2019iem k\u0101 starta punktu, lai p\u0101rliecin\u0101tos, ka tehniskie pas\u0101kumi re\u0101li ir ieviesti, nevis tikai aprakst\u012bti dokumentos.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 25 \u2013 Data protection by design and by default<\/strong><\/p>\n\n\n\n

        8) Darbinieki ir apm\u0101c\u012bti datu aizsardz\u012bb\u0101 (Processor<\/em>)<\/h4>\n\n\n\n

        Da\u013ca dro\u0161\u012bbas incidentu notiek t\u0101p\u0113c, ka k\u0101ds ar piek\u013cuvi iek\u0161\u0113j\u0101m sist\u0113m\u0101m net\u012b\u0161i pal\u012bdz uzbrukumam (phishing, soci\u0101l\u0101 in\u017eenierija, nejau\u0161a datu nopl\u016bde). Apm\u0101c\u012bb\u0101m ir j\u0101b\u016bt re\u0101l\u0101m un regul\u0101r\u0101m.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 25 \u2013 Data protection by design and by default<\/strong><\/p>\n\n\n\n

        9) Tev ir sub-processor saraksts, un Privacy Policy skaidri min \u0161o sub-processor izmanto\u0161anu (Processor<\/em>)<\/h4>\n\n\n\n

        Ja tu k\u0101 apstr\u0101d\u0101t\u0101js izmanto apak\u0161apstr\u0101d\u0101t\u0101jus (sub-processors), klientiem par to ir j\u0101zina un tiem j\u0101piekr\u012bt (praktiski \u2014 pie\u0146emot tavu priv\u0101tuma politiku\/terms, atkar\u012bb\u0101 no mode\u013ca).<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 28 \u2013 Processor<\/strong><\/p>\n\n\n\n

        10) Ja str\u0101d\u0101 \u0101rpus ES, bet apstr\u0101d\u0101 ES iedz\u012bvot\u0101ju datus, ir iecelts p\u0101rst\u0101vis ES (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Ja bizness ir \u0101rpus ES un tom\u0113r v\u0101c\/apstr\u0101d\u0101 ES iedz\u012bvot\u0101ju datus, ir j\u0101nor\u012bko p\u0101rst\u0101vis k\u0101d\u0101 dal\u012bbvalst\u012b. \u0160im p\u0101rst\u0101vim j\u0101sp\u0113j risin\u0101t ar apstr\u0101di saist\u012btie jaut\u0101jumi, un uzraudz\u012bbas iest\u0101d\u0113m j\u0101b\u016bt iesp\u0113jai ar vi\u0146u sazin\u0101ties.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 27 \u2013 Representatives of controllers or processors not established in the Union<\/strong><\/p>\n\n\n\n

        11) Personas datu p\u0101rk\u0101pumi tiek zi\u0146oti uzraudz\u012bbas iest\u0101dei un datu subjektiem (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Ja notiek personas datu p\u0101rk\u0101pums, tas j\u0101zi\u0146o uzraudz\u012bbas iest\u0101dei 72 stundu laik\u0101<\/strong>. Zi\u0146ojum\u0101 j\u0101nor\u0101da, k\u0101di dati ir zaud\u0113ti\/nopl\u016bdu\u0161i, k\u0101das ir sekas un k\u0101di pretpas\u0101kumi veikti. Ja nopl\u016bdu\u0161ie dati nav biju\u0161i \u0161ifr\u0113ti, par incidentu parasti j\u0101inform\u0113 ar\u012b pa\u0161i datu subjekti, kuru dati skarti.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 33 \u2013 Notification of a personal data breach to the supervisory authority<\/strong>; GDPR Article 34 \u2013 Communication of a personal data breach to the data subject<\/strong><\/p>\n\n\n\n

        12) Ir l\u012bgumi ar visiem apstr\u0101d\u0101t\u0101jiem, kam nodod datus (piem., hostings) (Controller<\/em>)<\/h4>\n\n\n\n

        Ja tu nodod datus apstr\u0101d\u0101t\u0101jam, l\u012bgum\u0101 ir j\u0101b\u016bt skaidr\u0101m instrukcij\u0101m par to, k\u0101 apstr\u0101d\u0101t\u0101js dr\u012bkst glab\u0101t\/apstr\u0101d\u0101t datus. L\u012bgumam j\u0101defin\u0113: apstr\u0101des priek\u0161mets un ilgums, apstr\u0101des veids un m\u0113r\u0137is, personas datu tipi, datu subjektu kategorijas, k\u0101 ar\u012b p\u0101rzi\u0146a ties\u012bbas un pien\u0101kumi.<\/p>\n\n\n\n

        Tas pats princips attiecas ar\u012b uz situ\u0101ciju, kad apstr\u0101d\u0101t\u0101js piesaista sub-processor, lai pal\u012bdz\u0113tu izpild\u012bt apstr\u0101di p\u0101rzi\u0146a v\u0101rd\u0101.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 28 \u2013 Processor<\/strong>; GDPR Article 29 \u2013 Processing under the authority of the controller or processor<\/strong><\/p>\n\n\n\n

        Jaun\u0101s ties\u012bbas (New Rights) \u2014 ko lietot\u0101jam j\u0101sp\u0113j izdar\u012bt<\/h3>\n\n\n\n

        13) Lietot\u0101js var viegli piepras\u012bt piek\u013cuvi saviem personas datiem (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Tev j\u0101b\u016bt skaidram procesam, k\u0101 apstr\u0101d\u0101 datu subjekta piek\u013cuves piepras\u012bjumus (access requests) \u2014 gan organizatoriski, gan tehniski.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 15 \u2013 Right of access by the data subject<\/strong><\/p>\n\n\n\n

        14) Lietot\u0101js var viegli labot savus datus, lai tie b\u016btu prec\u012bzi (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Nodro\u0161ini meh\u0101nismu, k\u0101 lietot\u0101js var izlabot neprec\u012bzus datus (piem., profil\u0101) vai k\u0101 to var izdar\u012bt, iesniedzot piepras\u012bjumu.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 16 \u2013 Right to rectification<\/strong><\/p>\n\n\n\n

        15) Tu autom\u0101tiski dz\u0113s datus, kas vairs nav vajadz\u012bgi (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Praks\u0113 \u0161eit bie\u017ei \u201ciek\u0101rtojas\u201d tehniskais par\u0101ds: dati kr\u0101jas bez termi\u0146iem. M\u0113r\u0137is ir automatiz\u0113t dz\u0113\u0161anu, piem\u0113ram, dz\u0113st klientu datus, ja l\u012bgums nav atjaunots un nav cita likum\u012bga pamata glab\u0101\u0161anai.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 5 \u2013 Principles relating to processing of personal data<\/strong><\/p>\n\n\n\n

        16) Lietot\u0101js var viegli piepras\u012bt savu datu dz\u0113\u0161anu (\u201cright to be forgotten\u201d) (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Tev j\u0101b\u016bt procesam \u201cdz\u0113\u0161anas piepras\u012bjumiem\u201d (erasure requests) un skaidriem so\u013ciem, k\u0101 dz\u0113\u0161ana tiek izpild\u012bta sist\u0113m\u0101s (ar\u012b integr\u0101cij\u0101s), ja vien nav citu tiesisku iemeslu datus patur\u0113t.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 17 \u2013 Right to erasure (‘right to be forgotten’)<\/strong><\/p>\n\n\n\n

        17) Lietot\u0101js var viegli piepras\u012bt apstr\u0101des ierobe\u017eo\u0161anu (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Tas noz\u012bm\u0113 iesp\u0113ju aptur\u0113t noteiktus apstr\u0101des veidus, ja lietot\u0101js to prasa un ir pamats. Tehniski bie\u017ei tas ir \u201cflag\u201d + darb\u012bbu atsl\u0113g\u0161ana (piem., m\u0101rketinga s\u016bt\u012bjumi).<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 18 \u2013 Right to restriction of processing<\/strong><\/p>\n\n\n\n

        18) Lietot\u0101js var piepras\u012bt savu datu izsnieg\u0161anu sev vai tre\u0161ajai pusei (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Datu p\u0101rnesam\u012bba noz\u012bm\u0113: dati j\u0101izsniedz struktur\u0113t\u0101, pla\u0161i izmantot\u0101 un ma\u0161\u012bnlas\u0101m\u0101 form\u0101t\u0101, lai cilv\u0113ks tos var\u0113tu p\u0101rcelt pie cita pakalpojuma sniedz\u0113ja.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 20 \u2013 Right to data portability<\/strong><\/p>\n\n\n\n

        19) Lietot\u0101js var iebilst pret profil\u0113\u0161anu vai automatiz\u0113tu l\u0113mumu pie\u0146em\u0161anu, kas vi\u0146u ietekm\u0113 (Controller<\/em>)<\/h4>\n\n\n\n

        \u0160is punkts ir aktu\u0101ls tikai tad, ja tav\u0101 biznes\u0101 tie\u0161\u0101m notiek profil\u0113\u0161ana vai automatiz\u0113ta l\u0113mumu pie\u0146em\u0161ana (piem., scoring, autom\u0101tiska atteik\u0161ana u.tml.).<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 22 \u2013 Automated individual decision-making, including profiling<\/strong><\/p>\n\n\n\n

        Piekri\u0161ana (Consent)<\/h3>\n\n\n\n

        20) Ja apstr\u0101de balst\u0101s uz piekri\u0161anu, tai j\u0101b\u016bt br\u012bvpr\u0101t\u012bgai, konkr\u0113tai, inform\u0113tai un atsaucamai (Controller<\/em>)<\/h4>\n\n\n\n

        Ja vietne v\u0101c personas datus un pamats ir piekri\u0161ana, blakus ir j\u0101b\u016bt skaidrai saitei uz priv\u0101tuma politiku un lietot\u0101jam j\u0101veic akt\u012bva darb\u012bba, lai piekristu. Iepriek\u0161 at\u0137eks\u0113tas izv\u0113les (pre-ticked checkboxes) nav at\u013cautas<\/strong>, jo piekri\u0161anai j\u0101b\u016bt nep\u0101rprotami apstiprino\u0161ai.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 7 \u2013 Conditions for consent<\/strong><\/p>\n\n\n\n

        21) Priv\u0101tuma politika ir uzrakst\u012bta skaidri un saprotami (Controller<\/em>)<\/h4>\n\n\n\n

        Tekstam j\u0101b\u016bt vienk\u0101r\u0161am, nep\u0101rprotamam un nedr\u012bkst sl\u0113pt nol\u016bku. Ja tas nav iev\u0113rots, piekri\u0161ana var tikt atz\u012bta par neder\u012bgu. Ja sniedz pakalpojumus b\u0113rniem, tekstam j\u0101b\u016bt saprotamam ar\u012b vi\u0146iem.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 7.2 \u2013 Conditions for consent<\/strong><\/p>\n\n\n\n

        22) Atsaukt piekri\u0161anu ir tikpat viegli, k\u0101 to iedot (Controller<\/em>)<\/h4>\n\n\n\n

        Ja piekri\u0161ana tiek dota ar vienu klik\u0161\u0137i, ar\u012b atsauk\u0161anai nevajadz\u0113tu b\u016bt \u201cslepen\u0101\u201d iestat\u012bjumu lap\u0101 ar pieciem so\u013ciem.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 7.3 \u2013 Conditions for consent<\/strong><\/p>\n\n\n\n

        23) Ja apstr\u0101d\u0101 b\u0113rnu datus, p\u0101rbaudi vecumu un prasi aizbild\u0146a piekri\u0161anu (Controller<\/em>)<\/h4>\n\n\n\n

        B\u0113rniem, kas jaun\u0101ki par 16 gadiem, ir j\u0101nodro\u0161ina, ka piekri\u0161anu dod likum\u012bgais aizbildnis. Ja piekri\u0161ana tiek ieg\u016bta vietn\u0113, tev j\u0101m\u0113\u0123ina p\u0101rliecin\u0101ties, ka apstiprin\u0101jumu tie\u0161\u0101m sniedzis aizbildnis, nevis pats b\u0113rns.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 8 \u2013 Conditions applicable to child’s consent in relation to information society services<\/strong><\/p>\n\n\n\n

        24) Atjauninot priv\u0101tuma politiku, tu inform\u0113 eso\u0161os klientus (Controller<\/em>)<\/h4>\n\n\n\n

        Praktisks piem\u0113rs: e-pasts ar gaid\u0101maj\u0101m izmai\u0146\u0101m un vienk\u0101r\u0161u izkl\u0101stu, kas ir main\u012bjies.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 7 \u2013 Conditions for consent<\/strong><\/p>\n\n\n\n

        P\u0113cp\u0101rbaude (Follow-up)<\/h3>\n\n\n\n

        25) Tu regul\u0101ri p\u0101rskati politikas, efektivit\u0101ti, datu apstr\u0101des izmai\u0146as un izmai\u0146as valst\u012bs, uz kur\u0101m pl\u016bst dati (Controller<\/em>)<\/h4>\n\n\n\n

        GDPR atbilst\u012bba nav vienreiz\u0113js uzdevums. Main\u0101s integr\u0101cijas, r\u012bki, datu pl\u016bsmas, k\u0101 ar\u012b starptautiskais regul\u0113jums. Regul\u0101rs p\u0101rskats ir da\u013ca no \u201cprivacy by design\/default\u201d dom\u0101\u0161anas.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 25 \u2013 Data protection by design and by default<\/strong><\/p>\n\n\n\n

        \u012apa\u0161ie gad\u012bjumi (Special Cases)<\/h3>\n\n\n\n

        26) Tu saproti, kad j\u0101veic DPIA augsta riska apstr\u0101dei (sensit\u012bvi dati u.c.) (Controller<\/em>)<\/h4>\n\n\n\n

        DPIA (Data Protection Impact Assessment) parasti k\u013c\u016bst aktu\u0101la, ja notiek liel\u0101 m\u0113rog\u0101 sensit\u012bvu datu apstr\u0101de, profil\u0113\u0161ana vai cita darb\u012bba, kas rada augstu risku cilv\u0113ku ties\u012bb\u0101m un br\u012bv\u012bb\u0101m.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 35 \u2013 Data protection impact assessment<\/strong><\/p>\n\n\n\n

        27) Datus \u0101rpus ES nodod tikai uz valst\u012bm ar atbilsto\u0161u aizsardz\u012bbas l\u012bmeni, un to atkl\u0101j priv\u0101tuma politik\u0101 (Controller, Processor<\/em>)<\/h4>\n\n\n\n

        Ja ir datu pl\u016bsmas uz tre\u0161aj\u0101m valst\u012bm, priv\u0101tuma politik\u0101 t\u0101s ir j\u0101atspogu\u013co. Ja valsts netiek uzskat\u012bta par \u201cadequate\u201d, datu nodo\u0161anai tipiski izmanto Standard Contractual Clauses (SCCs)<\/strong> vai Binding Corporate Rules (BCRs)<\/strong>.<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 45 \u2013 Transfers on the basis of an adequacy decision<\/strong><\/p>\n\n\n\n

        Datu subjekta ties\u012bbas (User Rights): ko tev j\u0101nodro\u0161ina lietot\u0101jam<\/h2>\n\n\n\n

        Zem\u0101k ir ties\u012bbu kopums, kas attiecas uz visiem Data Subjects<\/strong> (person\u0101m, kuru dati tiek apstr\u0101d\u0101ti). \u0160eit es to atst\u0101ju k\u0101 praktisku \u201catg\u0101din\u0101juma\u201d sada\u013cu \u2014 daudz kas jau p\u0101rkl\u0101jas ar iepriek\u0161\u0113jiem punktiem, bet panti un nosac\u012bjumi ir svar\u012bgi, lai korekti noform\u0113tu procesu un komunik\u0101ciju.<\/p>\n\n\n\n

        Ties\u012bbas uz caursp\u012bd\u012bgu inform\u0101ciju<\/h3>\n\n\n\n

        P\u0101rzinim j\u0101nodro\u0161ina inform\u0101cija par apstr\u0101di kodol\u012bgi, caursp\u012bd\u012bgi, saprotami un viegli pieejami, izmantojot skaidru valodu (\u012bpa\u0161i, ja inform\u0101cija adres\u0113ta b\u0113rnam). Inform\u0101ciju var sniegt rakstiski vai cit\u0101 veid\u0101 (ar\u012b elektroniski, ja piem\u0113rojams).<\/p>\n\n\n\n

        Reference:<\/strong> GDPR Article 12<\/strong><\/p>\n\n\n\n

        Ties\u012bbas sa\u0146emt konkr\u0113tu inform\u0101ciju, ja dati tiek ieg\u016bti tie\u0161i no personas<\/h3>\n\n\n\n

        Ja personas dati tiek iev\u0101kti tie\u0161i no datu subjekta, j\u0101sniedz vismaz \u0161\u0101da inform\u0101cija:<\/p>\n\n\n\n

          \n\n
        1. P\u0101rzi\u0146a identit\u0101te un kontaktinform\u0101cija<\/li>\n\n\n
        2. Datu aizsardz\u012bbas speci\u0101lista (DPO) kontaktinform\u0101cija (ja piem\u0113rojams)<\/li>\n\n\n
        3. Apstr\u0101des m\u0113r\u0137i un juridiskais pamats<\/li>\n\n\n
        4. P\u0101rzi\u0146a le\u0123it\u012bm\u0101s intereses (ja piem\u0113rojams)<\/li>\n\n\n
        5. Personas datu sa\u0146\u0113m\u0113ji vai sa\u0146\u0113m\u0113ju kategorijas<\/li>\n\n\n
        6. Inform\u0101cija par nodo\u0161anu uz tre\u0161aj\u0101m valst\u012bm<\/li>\n\n<\/ol>\n\n\n\n

          Reference:<\/strong> GDPR Article 13<\/strong><\/p>\n\n\n\n

          Ties\u012bbas sa\u0146emt konkr\u0113tu inform\u0101ciju, ja dati netiek ieg\u016bti tie\u0161i no personas<\/h3>\n\n\n\n

          Ja dati tiek ieg\u016bti no cita avota, joproj\u0101m j\u0101sniedz l\u012bdz\u012bga inform\u0101cija, tostarp j\u0101nor\u0101da attiec\u012bgo personas datu kategorijas un datu avots.<\/p>\n\n\n\n

          Reference:<\/strong> GDPR Article 14<\/strong><\/p>\n\n\n\n

          Piek\u013cuves ties\u012bbas (Right of access)<\/h3>\n\n\n\n

          Personai ir ties\u012bbas sa\u0146emt apstiprin\u0101jumu, vai vi\u0146as dati tiek apstr\u0101d\u0101ti, un piek\u013cuvi vismaz \u0161\u0101dai inform\u0101cijai:<\/p>\n\n\n\n

            \n\n
          • Apstr\u0101des m\u0113r\u0137i<\/li>\n\n\n
          • Attiec\u012bgo personas datu kategorijas<\/li>\n\n\n
          • Sa\u0146\u0113m\u0113ji, kuriem dati ir izpausti vai tiks izpausti<\/li>\n\n\n
          • Pl\u0101notais glab\u0101\u0161anas termi\u0146\u0161<\/li>\n\n\n
          • Ties\u012bbu esam\u012bba: labo\u0161ana, dz\u0113\u0161ana, ierobe\u017eo\u0161ana un iebildums<\/li>\n\n\n
          • Ties\u012bbas iesniegt s\u016bdz\u012bbu uzraudz\u012bbas iest\u0101d\u0113<\/li>\n\n\n
          • Inform\u0101cija par datu avotu (ja dati nav ieg\u016bti no datu subjekta)<\/li>\n\n\n
          • Automatiz\u0113tas l\u0113mumu pie\u0146em\u0161anas esam\u012bba, tostarp profil\u0113\u0161ana<\/li>\n\n<\/ul>\n\n\n\n

            Reference:<\/strong> GDPR Article 15<\/strong><\/p>\n\n\n\n

            Ties\u012bbas uz labo\u0161anu (Right to rectification)<\/h3>\n\n\n\n

            Personai ir ties\u012bbas bez nepamatotas kav\u0113\u0161an\u0101s labot neprec\u012bzus personas datus un papildin\u0101t nepiln\u012bgus datus.<\/p>\n\n\n\n

            Reference:<\/strong> GDPR Article 16<\/strong><\/p>\n\n\n\n

            Ties\u012bbas uz dz\u0113\u0161anu (\u201cright to be forgotten\u201d)<\/h3>\n\n\n\n

            Personai ir ties\u012bbas pan\u0101kt datu dz\u0113\u0161anu, ja:<\/p>\n\n\n\n

              \n\n
            1. Dati vairs nav nepiecie\u0161ami s\u0101kotn\u0113jam m\u0113r\u0137im<\/li>\n\n\n
            2. Persona atsauc piekri\u0161anu un nav cita juridiska pamata apstr\u0101dei<\/li>\n\n\n
            3. Persona iebilst apstr\u0101dei un nepast\u0101v p\u0101r\u0101ki le\u0123it\u012bmi pamati turpin\u0101t apstr\u0101di<\/li>\n\n\n
            4. Dati ir apstr\u0101d\u0101ti nelikum\u012bgi<\/li>\n\n\n
            5. Dati j\u0101dz\u0113\u0161, lai izpild\u012btu juridisku pien\u0101kumu<\/li>\n\n\n
            6. Dati tika iev\u0101kti saist\u012bb\u0101 ar inform\u0101cijas sabiedr\u012bbas pakalpojumiem, kas pied\u0101v\u0101ti b\u0113rnam<\/li>\n\n<\/ol>\n\n\n\n

              Reference:<\/strong> GDPR Article 17<\/strong><\/p>\n\n\n\n

              Ties\u012bbas uz apstr\u0101des ierobe\u017eo\u0161anu (Right to restriction of processing)<\/h3>\n\n\n\n

              Personai ir ties\u012bbas pan\u0101kt apstr\u0101des ierobe\u017eo\u0161anu, ja:<\/p>\n\n\n\n

                \n\n
              1. Persona apstr\u012bd datu precizit\u0101ti (uz periodu, kas \u013cauj p\u0101rzinim p\u0101rbaud\u012bt)<\/li>\n\n\n
              2. Apstr\u0101de ir nelikum\u012bga un persona iebilst dz\u0113\u0161anai<\/li>\n\n\n
              3. P\u0101rzinim dati vairs nav vajadz\u012bgi, bet personai tie nepiecie\u0161ami juridisku pras\u012bbu cel\u0161anai\/aizst\u0101v\u012bbai<\/li>\n\n\n
              4. Persona ir iebildusi apstr\u0101dei, kam\u0113r tiek p\u0101rbaud\u012bti le\u0123it\u012bmie pamati<\/li>\n\n<\/ol>\n\n\n\n

                Reference:<\/strong> GDPR Article 18<\/strong><\/p>\n\n\n\n

                Ties\u012bbas tikt inform\u0113tam par labo\u0161anu, dz\u0113\u0161anu vai ierobe\u017eo\u0161anu<\/h3>\n\n\n\n

                P\u0101rzinim j\u0101inform\u0113 katrs sa\u0146\u0113m\u0113js, kuram dati izpausti, par labo\u0161anu, dz\u0113\u0161anu vai apstr\u0101des ierobe\u017eo\u0161anu, ja vien tas nav neiesp\u0113jami vai neprasa nesam\u0113r\u012bgas p\u016bles.<\/p>\n\n\n\n

                Reference:<\/strong> GDPR Article 19<\/strong><\/p>\n\n\n\n

                Ties\u012bbas uz datu p\u0101rnesam\u012bbu (Right to data portability)<\/h3>\n\n\n\n

                Personai ir ties\u012bbas sa\u0146emt savus datus struktur\u0113t\u0101, pla\u0161i izmantot\u0101 un ma\u0161\u012bnlas\u0101m\u0101 form\u0101t\u0101 un nodot tos citam p\u0101rzinim bez kav\u0113\u0161anas.<\/p>\n\n\n\n

                Reference:<\/strong> GDPR Article 20<\/strong><\/p>\n\n\n\n

                Ties\u012bbas iebilst (Right to object)<\/h3>\n\n\n\n

                Personai ir ties\u012bbas jebkur\u0101 laik\u0101 iebilst pret apstr\u0101di, kas balst\u012bta uz le\u0123it\u012bm\u0101m interes\u0113m vai sabiedr\u012bbas interes\u0113m, ieskaitot profil\u0113\u0161anu, pamatojoties uz savu konkr\u0113to situ\u0101ciju.<\/p>\n\n\n\n

                Reference:<\/strong> GDPR Article 21<\/strong><\/p>\n\n\n\n

                Ties\u012bbas netikt pak\u013cautam automatiz\u0113tai l\u0113mumu pie\u0146em\u0161anai<\/h3>\n\n\n\n

                Personai ir ties\u012bbas netikt pak\u013cautai l\u0113mumam, kas balst\u012bts tikai uz automatiz\u0113tu apstr\u0101di (tostarp profil\u0113\u0161anu), ja tas rada juridiskas sekas vai l\u012bdz\u012bgi b\u016btiski ietekm\u0113 personu.<\/p>\n\n\n\n

                Reference:<\/strong> GDPR Article 22<\/strong><\/p>\n\n\n\n

                Praktiskie ievie\u0161anas so\u013ci (no dro\u0161\u012bbas l\u012bdz e-pastiem)<\/h2>\n\n\n\n

                1) Nostiprini vietnes dro\u0161\u012bbu<\/h3>\n\n\n\n

                Liela da\u013ca GDPR atbilst\u012bbas praks\u0113 s\u0101kas ar element\u0101ru dro\u0161\u012bbu un datu minimiz\u0101ciju. Konkr\u0113ts checklists:<\/p>\n\n\n\n

                  \n\n
                • Uzst\u0101di SSL sertifik\u0101tu<\/strong> (HTTPS), lai \u0161ifr\u0113tu datu pl\u016bsmu starp vietni un serveri<\/li>\n\n\n
                • Izmanto stipras paroles<\/strong> visiem admin kontiem<\/li>\n\n\n
                • Pievieno papildu aizsardz\u012bbu<\/strong> maks\u0101jumu inform\u0101cijas apstr\u0101dei<\/li>\n\n\n
                • Izmanto CDN<\/strong> pakalpojumu sniedz\u0113ju ar DDoS aizsardz\u012bbu<\/li>\n\n\n
                • Ievies anti-v\u012brusu risin\u0101jumu<\/strong>, lai nov\u0113rstu nesankcion\u0113tu piek\u013cuvi<\/li>\n\n\n
                • Samazini datu v\u0101k\u0161anu<\/strong> \u2014 v\u0101kt tikai nepiecie\u0161amo<\/li>\n\n\n
                • Pseudonimiz\u0113 vai anonimiz\u0113<\/strong> personas datus pirms glab\u0101\u0161anas (kur iesp\u0113jams)<\/li>\n\n\n
                • Veido rezerves kopijas<\/strong> vair\u0101k\u0101s dro\u0161\u0101s lok\u0101cij\u0101s<\/li>\n\n\n
                • Dz\u0113s datus<\/strong>, kad tie vairs nav vajadz\u012bgi<\/li>\n\n<\/ul>\n\n\n\n

                  2) Pievieno s\u012bkdat\u0146u (cookie) piekri\u0161anas baneri<\/h3>\n\n\n\n

                  Ja vietn\u0113 ir ne-oblig\u0101tas s\u012bkdatnes (piem., m\u0101rketinga vai detaliz\u0113ta anal\u012btika), tev vajag skaidru piekri\u0161anu pirms to aktiviz\u0113\u0161anas<\/strong>.<\/p>\n\n\n\n

                  S\u012bkdat\u0146u banerim j\u0101izpilda \u0161\u0101das pras\u012bbas:<\/p>\n\n\n\n