Activities of the State Data Protection Inspectorate in 2025
The State Data Protection Inspectorate (hereinafter referred to as the SDPI) is an independent data protection supervisory authority, supervising the application of the General Data Protection Regulation (hereinafter referred to as the GDPR) and implementing the tasks set out in other Lithuanian and EU legal acts. The mission of the SDPI as a data protection supervisory authority is to protect the human right to the protection of personal data.
One of the priorities of the SDPI is to increase the knowledge, competence and skills of data controllers, data protection officers and data subjects in the field of personal data protection, and therefore particular attention is paid to prevention and education activities. 2025 saw active cooperation with associations of professionals in different fields, organisation of remote events with an unlimited number of participants, as well as the publication of public recordings of the events. In total, SDPI representatives participated in 25 events in Lithuania in 2025, delivering 49 presentations to nearly 4,500 participants.
Various methodological documents are prepared and made publicly available in order to ensure that as many people as possible receive information on the protection of personal data and privacy, and to reduce the number of individual requests. 18 of them have been developed by the SDPI in 2025. In preparing methodological information, the SDPI takes into account the needs or expectations expressed by organisations and the public.
The growing activity of the population shows increasing awareness in the field of data protection – in 2025, 48% more complaints and reports were received than in 2024. This increase reflects greater awareness among people of their rights and their determination to defend them.
A welcome trend – confidence in the data protection system is growing. According to a representative survey of the population, 58% of residents believe that companies and institutions in Lithuania ensure the right to data protection (6 percentage points more than in 2024). Public confidence in their knowledge of data protection has also increased, with 50% of respondents saying that people are informed about personal data protection (4 percentage points more than in 2024). These indicators suggest that consistent preventive and educational measures contribute to the formation of a more mature data protection culture.
Consistency in the application of data protection rules depends on the efforts of supervisory authorities in all EU Member States and on decisions taken at EU level, which is why the staff of the SDPI is actively involved in international activities. in 2025, representatives of the SDPI attended 102 meetings and other working sessions. Most of them are involved in the European Data Protection Board subgroups, which draft and coordinate documents (opinions, guidelines, etc.) relevant to the consistent application of the GDPR across the EU.
Interesting figures and facts:
- in 2025, 2,081 complaints were received, an increase of 48% compared to 1,408 in 2024. The most popular areas for complaints are: disclosure of personal data, video surveillance, direct marketing, collection of personal data, and access to data.
- in 2025, the SDPI issued 66 instructions, 56 reprimands, 78 recommendations, and 2 warnings to organisations following findings of breaches.
- 5 fines are imposed for personal data breaches. The total amount of fines imposed was 27,029, with the largest fine being 9,000 and the smallest 3,529.
- The number of draft legal acts received for coordination is growing (807 legal acts received in 2025, 768 in 2024, and 732 in 2023).
- The number of consultations provided remains similar: 4,301 consultations were provided in 2025 and 4,334 were provided in 2024.
- The most common types of consultations are on the application of the GDPR, the lawfulness of processing personal data, video surveillance, lodging a complaint with the Inspectorate, and the processing of employees' personal data.
- Statistics on personal data breach (hereinafter referred to as PDB) notifications: 223 PDB notifications have been received , the number of data subjects affected in Lithuania is 1,249,409. PDB were caused by cyber incidents, 58% by human error and 13% by other causes.
- The SDPI acts as lead supervisory authority in 78 international cases.
- In 2025, 156 new data protection officers were appointed in Lithuania.
