Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019)
Estonia's national Personal Data Protection Act (Isikuandmete kaitse seadus, RT I, 04.01.2019, 11, in force from 15 January 2019). The Act applies in conjunction with the GDPR: Chapter 2 implements the GDPR Article 85-89 derogations for journalistic, academic, scientific/historical research and archiving purposes; Chapter 3 covers national specifications including the child's age of consent (set at 13), processing after death of the data subject, processing in connection with violations of obligations, and processing in public places; Chapter 4 implements Directive (EU) 2016/680 (Law Enforcement Directive) for processing by law enforcement authorities, including processing principles, data subject rights, controller/processor obligations, the data protection specialist, security measures, breach notification, and transmission to third countries; Chapter 5 establishes the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) and its competence; Chapters 6-7 set liability, penalties and implementing provisions.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
Estonia PDPA - Estonian Data Protection Inspectorate
| Code | Title |
|---|---|
| EST-IKS-§51-55 | Formation of the Estonian Data Protection Inspectorate and Head appointment |
| EST-IKS-§56-61 | Exercise of state and administrative supervision by the Inspectorate |
Estonia PDPA - GDPR Derogations for Specific Purposes
| Code | Title |
|---|---|
| EST-IKS-§4 | Processing for journalistic purposes (GDPR Art.85 derogation) |
| EST-IKS-§5 | Processing for academic, artistic and literary expression |
| EST-IKS-§6 | Processing for scientific and historical research and official statistics |
| EST-IKS-§7 | Processing for archiving in the public interest |
Estonia PDPA - General Provisions and GDPR Application
| Code | Title |
|---|---|
| EST-IKS-§1 | Scope of regulation of the Act |
| EST-IKS-§2 | Specifications for application of the Act and Regulation (EU) 2016/679 |
| EST-IKS-§3 | Application of the Administrative Procedure Act |
Estonia PDPA - Law Enforcement Directive Implementation
| Code | Title |
|---|---|
| EST-IKS-§12-13 | Application of the Law Enforcement chapter and terms |
| EST-IKS-§14-21 | Principles of processing by law enforcement authorities |
| EST-IKS-§22-28 | Rights of data subjects in law enforcement processing |
| EST-IKS-§29-39 | Obligations of controllers and processors in law enforcement processing |
| EST-IKS-§40-42 | Data Protection Specialist for law enforcement processing |
| EST-IKS-§43-45 | Security measures and breach notification in law enforcement processing |
| EST-IKS-§46-50 | Transmission of personal data to third countries and international organisations |
Estonia PDPA - Liability and Implementing Provisions
| Code | Title |
|---|---|
| EST-IKS-§62-73 | Violations, proceedings and penalties |
| EST-IKS-§74-76 | Register, repeal and entry into force |
Estonia PDPA - National Specifications under GDPR
| Code | Title |
|---|---|
| EST-IKS-§10 | Processing of personal data in connection with violation of an obligation |
| EST-IKS-§11 | Processing of personal data in public places (CCTV) |
| EST-IKS-§8 | Processing of children's personal data for information society services |
| EST-IKS-§9 | Processing of personal data after death of the data subject |
Maps to 2 other frameworks
Frequently Asked Questions
What is Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019)?
Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) is a compliance framework from Estonia with 6 domains and 22 controls. Estonia's national Personal Data Protection Act (Isikuandmete kaitse seadus, RT I, 04.01.2019, 11, in force from 15 January 2019). The Act applies in conjunction with the GDPR: Chapter 2 implements the GDPR Article 85-89 derogations for journalistic, academic, scientific/historical research and archiving purposes; Chapter 3 covers national specifications including the child's age of consent (set at 13), processing after death of the data subject, processing in connection with violations of obligations, and processing in public places; Chapter 4 implements Directive (EU) 2016/680 (Law Enforcement Directive) for processing by law enforcement authorities, including processing principles, data subject rights, controller/processor obligations, the data protection specialist, security measures, breach notification, and transmission to third countries; Chapter 5 establishes the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) and its competence; Chapters 6-7 set liability, penalties and implementing provisions. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) have?
Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) has 22 controls organised across 6 domains. The largest domains are Estonia PDPA - Law Enforcement Directive Implementation (7 controls), Estonia PDPA - GDPR Derogations for Specific Purposes (4 controls), Estonia PDPA - National Specifications under GDPR (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) map to?
Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) maps to 2 other compliance frameworks. The top mapping partners are GDPR (32% coverage), Rwanda Law No. 058/2021 Relating to the Protection of Personal Data (5% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) compliance?
Start your Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 22 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required