Rules For The Order In Which The Accredited Natural Person Wishes To Make A Personal Data Processing Audits State And Local Institutions, And On The Individual Eligibility Criteria

Original Language Title: Noteikumi par kārtību, kādā akreditē fiziskās personas, kuras vēlas veikt personas datu apstrādes auditu valsts un pašvaldību institūcijās, un par minēto fizisko personu atbilstības kritērijiem

Read the untranslated law here: https://www.vestnesis.lv/ta/id/167538

Cabinet of Ministers Regulations No 822 in Riga in 2007 (4 December. No. 68 11. §) rules about the order in which the accredited natural person wishes to make a personal data processing audits State and local institutions, and on the individual eligibility criteria in accordance with the Issued individual data protection act article 29 paragraph 6 of part I of General questions 1. determines the order in which the data State Inspectorate accredited natural persons wishing to carry out audits of the processing of personal data (hereinafter audit) State and local government institutions (hereinafter referred to as an auditor) and auditor eligibility criteria. 2. the State Inspectorate every three months, publish in a newspaper "journal" information about Auditors issued and withdrawn certificates of accreditation, accreditation certificate suspension and restoration, the extension of their period of validity, as well as on accreditation certificate of recognition. Three working days after the decision, the information in the data State Inspectorate website on the internet. II. Internal and external auditor accreditation 3. Every three months, the data State Inspectorate for auditor accreditation announcement shall be published in the newspaper "journal", and the data State Inspectorate website on the internet. 4. the State inspection of accredited natural person who meets the criteria laid down in these provisions and has applied the time limit specified in the advertisement (hereinafter the applicant). 5. The applicant shall accredit as internal auditor, if: it has acquired 5.1 higher education;
5.2. it is the knowledge in the field of protection of personal data or knowledge audit and system security;
5.3. it has at least one year of practical experience in the field of protection of personal data, or at least one year of practical experience in the audit and system security;
5.4. it is not penalized for intentional criminal offences or are rehabilitated, or it has been removed or deleted from the criminal record. 6. The applicant shall accredit for the external auditor, if: it has acquired 6.1 higher education;
6.2. it is knowledge for the protection of personal data, audit and system security;
6.3. it is at least three years of practical experience in the field of protection of personal data, or at least three years of practical experience in the audit and system security;
6.4. it is not penalized for intentional criminal offences or are rehabilitated, or it has been removed or deleted from the criminal record. 7. the State Inspectorate has the right to invite the applicant, in the evaluation of the non-governmental organisations, as well as other professionals and experts. 8. to receive the accreditation, the applicant shall submit the data state inspection application. The application shall be accompanied by the following documents: 8.1 of formal education;
8.2. the work experience description (also called SMS for applicant at work, if any);
8.3. professional knowledge with copies of supporting documents (if any);
8.4. a copy of the document certifying the applicant's language skills at the highest level and grade according to the State language law, if an applicant has acquired higher education in Latvian language;
8.5. the assurance that all information is correct, there is no legal impediment to the internal audit and has complied with the law "On Prevention of conflict of interest in the activities of public officials" (if the application is lodged by a public official). 9. paragraph 8 of these provisions in these documents, the applicant shall submit the data state inspection in person or sent electronically, sign it with a digital signature. The documents presented do not issue back. 10. Decision concerning the accreditation of the applicant, or the refusal to accredit the applicant shall adopt within one month of the application and the accompanying documents in the data State Inspectorate. 11. the data State Inspectorate may request the applicant to provide additional information in order to assess the applicant's compliance with this provision in paragraph 5 or 6 of these requirements, if it cannot be obtained from other institutions ' information systems. Additional information applicants must submit two weeks. 12. the data state inspection within three working days after the decision on the applicant's accreditation or refusal to accredit the applicant shall notify the applicant in writing. If the decision on the refusal to accredit the applicant, justify it. If a decision on accreditation, the applicant shall indicate in the notice of receipt of the certificate of accreditation a time and place. 13. include in the certificate of accreditation country inspection data name, accredited auditors in the name, surname, personal code, confirmation that the auditor has the right to carry out audits, accreditation certificate validity period and the date and number of the decision. 14. the data State Inspectorate is entitled to refuse to accredit the applicant if: 14.1. the applicant does not meet this provision in paragraph 5 or 6 of these requirements;
14.2. the application or at the hearing, the prosecution has been initiated against the applicant;
14.3. the applicant has provided false information. 15. Auditor accreditation for three years. III. the period of validity of the accreditation certificate extension 16. Auditor accreditation certificate term of validity shall be extended only if the auditor requires a complete audit of the specific case. Data State Inspectorate is entitled to extend the accreditation of Auditors, the period of validity of the licence for a period not longer than three months. 17. the decision on accreditation certificate extension of the term of validity of the data State Inspectorate based on the application in which the auditors discussed the validity of the certificate extension. This application shall be submitted one month before the auditor accreditation certificate expires. 18. If an auditor to carry out the tasks of the State or local government institution takes time, which is longer than three months, an auditor shall submit a written application for accreditation again in accordance with the provisions of chapter IV. IV. accreditation Again 19. If specified, the period of accreditation auditor can accredit again for three years. 20. to accredited auditor, auditor data State Inspectorate must submit a written application and the documents certifying the auditor gained practical experience in the field of protection of personal data, audit and security system in the period of accreditation šēj above, as well as knowledge of personal data protection, auditing and system security in the previous accreditation period. 21. in order to receive a certificate of accreditation, auditors must comply with this provision in paragraph 5 or 6 of these requirements. 22. the data State Inspectorate is entitled to refuse the accrediting auditors repeatedly if: 22.1. an auditor does not match this rule 5 or 6. these requirements.
22.2. the application or during the proceedings against Auditors are prosecuted;
22.3. the auditor has provided false statements;
22.4. auditor's previous credentials are received during the term justify the complaints about auditor activity;
22.5. auditor's opinion of the quality does not meet regulatory requirements. V. suspension of accreditation certificates and restoring data State Inspectorate 23 is empowered to take a decision on accreditation certificate suspension for up to six months in the following cases: 23.1. auditor's application was received with the request to suspend the accreditation;
23.2. after receipt of the opinion of the auditor of State Data Inspectorate has reasonable doubts as to the quality of the opinion of the Auditors, and it is proposed to carry out;
23.3. have received complaints about the activities of Auditors, and the data state inspection after complaints acknowledged as justified. 24. If you plan to examine the question of the suspension of the accreditation certificate, the data state inspection no later than five working days before the meeting of the Accreditation Commission in writing inform the auditor. Data State Inspectorate has the right to require the auditor to provide additional information about this issue. Auditors in the absence of the issue does not constitute grounds for review. 25. the data State Inspectorate is empowered to take a decision on the renewal of the certificate of accreditation if it is expired, which was stopped on accreditation certificate, and Auditors submits a reasoned application for renewal of the certificate of accreditation. 26. The issue of accreditation cards for the renewal of the activities of the rule in paragraph 24. 27. the decision on accreditation certificate suspension and renewal of the certificate of accreditation data State Inspectorate shall notify the auditor within five working days after the decision is taken. Vi. withdrawal of accreditation certificate 28. Data State Inspectorate shall decide on the revocation of the certificate of accreditation in the following cases: 28.1. Auditors Auditors are found in the operation of the regulatory activities regulatory violations;
28.2. the auditor's application was received with a request to revoke his accreditation.
28.3. Auditors with the Court's ruling has been declared legally incompetent;
28.4. the auditor knowingly provided false information to obtain the accreditation certificate. 29. the State Inspectorate is empowered to take a decision on the cancellation of the certificate of accreditation in the following cases: 29.1. have received justified complaints about auditor activity;
29.2. auditor's opinion of the quality does not meet the legislative or regulatory requirements;
29.3. against the auditor in the course of their duties it has launched criminal persecution;

29.4. an auditor does not submit the rule referred to in paragraph 25 the application for renewal of accreditation. 30. If you plan to examine the question of the withdrawal of the certificate of accreditation, the data state inspection no later than five working days before the meeting of the Accreditation Commission in writing inform the auditor. Data State Inspectorate is entitled to require the auditor to provide additional information about this issue. Auditor absences without justification, there is no reason to question No. 31. a decision on accreditation certificate of cancellation of data State Inspectorate shall notify the auditor within five working days following its adoption. VII. the accreditation certificate records and condemnation of the accreditation certificate 32. recorded data State Inspectorate. 33. the State Inspectorate recognizes the accreditation certificate, based on the auditor's application. Data State Inspectorate is empowered to recognise certificates of accreditation in the following cases: 33.1. accreditation card is stolen or lost;
33.2. changed the auditor's name or surname;
33.3. the certificate of accreditation is a mechanical or other damage, which is not possible to identify the holder of the licence or read the information specified therein;
20.8. accreditation certificates content does not comply with these rules. 34. Invalid or void the accreditation certificate as well as the accreditation certificate that has expired, passes the data State Inspectorate. 35. If the data State Inspectorate recognizes the accreditation certificate, issued certificates of accreditation auditor duplicate. The period of validity of the replica is the same as for the recognised accreditation certificate. Prime Minister a. Halloween Justice Minister g. Smith