E-Commerce
Businesses operating online must comply with the Law on Information Society Services and Consumer Protection. Key requirements:
- Information: Clear disclosure of trader identity, price calculation, and terms & conditions.
- Electronic Invoicing: Recognized legally; authenticity can be guaranteed via electronic signatures.
- Electronic Identification: The law recognizes simple, advanced, and qualified electronic signatures; a qualified signature has the equivalent effect of a handwritten signature.
Data Protection (GDPR Alignment)
Data protection is regulated by the Information and Privacy Agency (AIP). The law mirrors the EU GDPR.
- Principles: Lawfulness, minimization, accuracy, and storage limitation.
- Rights: Data subjects have the right to access, rectify, delete (“right to be forgotten”), and restrict processing of their data.
- Controllers & Processors: Must implement technical measures to secure data. Breaches must be reported to AIP within 72 hours.
- Transfers: International data transfers are restricted to countries ensuring adequate protection.
