Skip to main content

Estonia wants to introduce administrative fines into its legal system to allow for a more effective response to data protection law violations


On 6 May 2020, the Estonian Ministry of Justice sent for coordination round the concept of administrative fines. The goal is to introduce into the Estonian legal system a new administrative penalty – administrative fine – in order to react more efficiently to financial, competition and data protection law violations.

As also stipulated in Recital 151 of the GDPR, the Estonian legal system does not currently allow for administrative fines as set out in the GDPR. The rules on administrative fines may therefore be applied in such a manner that in Estonia the fine is imposed by the supervisory authority in the framework of a misdemeanour procedure.

The Estonian Data Protection Inspectorate has recommended to introduce the concept of administrative fines into the Estonian legal system already earlier, saying that sanctioning legal persons through misdemeanour proceedings is inefficient and burdensome to all parties involved. To the best of my knowledge, the Estonian Data Protection Inspectorate has not yet imposed any fines for GDPR violations. In the latest annual, the Head of the Inspectorate hinted that one reason for it was the uncomfortable nature of misdemeanour proceedings and the fact that GDPR fines are intended to be administrative fines by their nature.

According to the concept, the changes are likely to improve companies' compliance with the law, especially because the procedural process of imposing the fine is simplified and shortened.

It remains to be seen whether and how the concept of administrative fines will translate into law and whether that will change companies’ compliance with the GDPR and/or the number of fines issued in Estonia. The expected time for sending the draft for approval and opinion is summer 2020 and the expected time for entry into force is in the first quarter of 2021.


Article provided by: Mari-Liis Orav (TGS Baltic, Estonia)



Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.