LTH PRL ICT Security, Data Protection


On Jul. 24, LTH PRL issued law on ICT resources management, other.


  • LTH PRL issued Law XIV-2908 on information resources management amending Law XI-1807 arts 1, 3, 4, 5, 7, 14, 15, 26, 27, 39, 41, 42, 43, 46 and other legislation.
  • That is, Law XI-1807 of Dec. 2011 State Information Resources Management Law.
  • Follows LTH PRL Jul. 2024 issued law to amend Cyber Security Law, see #220155.
  • Overview
  • This new law contributes to improve cyber security in the country by making amendments to the law of Law of 2011 on State information resources management.
  • Applies to state information resources, whose management and other legal relations arise from them, relate to application of requirements for protection of national security, cyber security and personal data protection.
  • As well as establishment of state data governance, use of electronic communication networks, public administration, data reuse, processing of spatial data as regulated by other laws, directly applicable EU legal acts or international treaties.
  • That, to the extent that it is not regulated in national law, directly applicable EU legal acts or international treaties Lithuania has entered into; more in draft bill.
  • Re data protection: personal data that make up state information resources managed and processed in accordance with GDPR, Law on Legal Protection of Personal Data, Law on Personal Data Processed for Law Enforcement or National Security Purposes and other legal acts establishing requirements for the processing personal data.
  • Information systems, data, data managers/processors of these information systems, IT platforms, IT tools are generally subject to cyber security requirements set by Cyber Security Law, other legal acts determining conditions for cyber security entities activity.
  • Requirements set in points 1-2 art 15, Part 5 of Law on Cybersecurity apply mutatis mutandis to responsible for assessment of importance of state information resources.
  • I.e. those persons specified in description of the procedure to assess importance of state information resources approved by LTH GVT.
  • Also deals with procedure for providing and receiving IT services where it requires written contract is concluded between IT service provider and recipient of IT services.
  • When concluding IT service contract with IT service provider, this law, Law on Cyber Security, other legal acts regulating management and handling of state data resources must be taken into account and complied with; further details are provided.
  • Effectiveness
  • The law enters into force on Oct. 18, 2024.

Regulators LTH PRL
Entity Types Corp
Reference OG 13543, 7/24/2024; Law XIV-2908, 7/11/2024; Bill XIVP-3821(2); Law XI-1807; GDPR Reg 2016/679
Functions Compliance; Cyber; Legal; Operations; Outsourcing; Privacy; Risk; Technology
Countries Lithuania
Category
State
Products Corporate
Regions EMEA
Rule Type Final
Rule Date 7/24/2024
Effective Date 10/18/2024
Rule Id 220722
Linked to Rule :220155
Reg. Last Update 7/24/2024
Report Section EU

Last substantive update on 07/29/2024