2025-04-14

The Personal Data Protection Service Publishes First Quarterly Activity Report for 2025

---

The Personal Data Protection Service Published its Activity Report for the First Three Months of 2025.

Citizens’ Applications

During the reporting period, the Service received 260 applications/notifications. 187 (72%) applications/notifications related to data processing in private sector, 28 (11%) - in public institutions and 45 (17%) - in law enforcement bodies.

Examination of the Lawfulness of Data Processing (Inspection)

In the reporting period, the Service initiated 81 examinations (inspections) of data processing lawfulness, out of which 42% (34) were planned, whereas 58% (47) were unplanned inspections.

Revealed Administrative Offences

The Service identified 123 cases of unlawful processing of personal data, out of which 88 cases were studied in the scope of the examinations (inspections) initiated in 2024 and conducted (completed) in the reporting period, while 35 cases were studied in the scope of the examinations (inspections) initiated and completed during the reporting period.

76% (93 cases) were related to the private sector, 22% (27 cases) public institutions, and 2% (3 cases) law enforcement agencies.

Instructions and Recommendations Issued by the Service

The Service issued a total of 137 instructions and recommendations to public institutions, representatives of private sector and law enforcement bodies.

Consultations Provided by the Service

During the reporting period, the Service provided 2 240 consultations—both orally (via telephone communications and in-person meetings) and in written.

Monitoring of the covert investigative actions and the activity carried out at the central databank of the electronic communication identification data

The Personal Data Protection Service used the suspension mechanism of covert wiretapping and recording of telephone communications (via electronic control system) in 28 cases. Among them, 26 were due to delayed submission of court orders, and two due to the termination of covert investigative actions.

During the reporting period, the Service received four notifications regarding the data breach (incident) from the data controllers.