Information on organisational and technical data security measures

The Ministry of Finance, as data controller, must implement the organisational and technical data security requirements set by the law of the Republic of Lithuania.

Basic legislation for the implementation of organisational and technical data security measures in the Ministry of Finance:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
• Republic of Lithuania Law on Legal Protection of Personal Data;
• Republic of Lithuania Law on Cyber Security;
• Republic of Lithuania Law on Management of State Information Resources;
• Description of Organisational and Technical Cyber Security Requirements for Cyber Security Entities approved by Government of the Republic of Lithuania Resolution No 818 of 13 August 2018 on the implementation of the Republic of Lithuania Law on Cyber Security;
• Technical Electronic Information Safety Requirements for State Registers (Cadastres), Departmental Registers, State Information Systems and Other Information Systems approved by Order No V-941 of the Minister of National Defence of the Republic of Lithuania of 4 December 2020 on the approval of the Technical Electronic Information Safety Requirements for State Registers (Cadastres), Departmental Registers, State Information Systems and Other Information Systems;
• Standard LST EN ISO/IEC 27001 “Information Technology: Methods of Security. Information Security Management Systems. Requirements”;
• Standard LST EN ISO/IEC 27002 “Information Technology: Methods of Security. Information Security Control Practice Regulations”;
• List of standard safeguards for the protection of personal data

In addition to the requirements set out by law of the Republic of Lithuania and international standards, the Ministry of Finance implements organisational and technical personal data security measures specified in the Description of the Procedure for the Processing of Personal Data and the Exercise of the Rights of the Data Subjects in the Ministry of Finance, the Rules for Processing Image Data in the Ministry of Finance and other legislation regulating the processing of personal data and data protection by the Ministry of Finance aimed to ensure appropriate security of personal data and protection against unauthorised or unlawful data processing, and against accidental loss, destruction or damage.