McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeProducts & SolutionsData ProtectionUS & Global Data Protection LawsInternational Privacy & Data Protection Laws

Bulgaria

 
OVERVIEW Bulgaria’s Personal Data Protection Act implements the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the EU data protection directive). The Act came into force on 1 January 2002.
ENACTED 2002
GENERAL PRIVACY LAWS

Article 32 of the Bulgarian Constitution provides that the privacy of citizens shall be “inviolable” and that everyone is entitled to protection against any illegal interference in his private or family affairs.

Article 1 of the Personal Data Protection Act states that the Act is intended to guarantee the inviolability of individuals and their privacy.
PERSONAL DATA PROTECTION LAWS AND REGULATIONS Law on Personal Data Protection
TYPE OF DATA PROTECTED Personal Data which means any information relating to a natural person, which reveals his physical, psychological, mental, family, economic, cultural or social identity.
WORKPLACE PRIVACY LAWS Neither the Personal Data Protection Act nor the Bulgarian Labor Code provide for personal data protection in the workplace. Additionally, Bulgaria currently has no legislation related to workplace monitoring.
TRANSBORDER TRANSFERS Law on Personal Data Protection complies with the EU Personal Data Directive.
FINES AND SANCTIONS

The Personal Data Protection Act provides the data subject with the right to appeal to the Commission for Personal Data Protection within 30 days from the data when he has become aware of the infringement but not later than one year from the data when such an infringement has taken place. The Commission then has 30 days to issue an opinion and set a time limit to remedy the infringement or to impose an administrative penalty. Once the Commission has issued its opinion, the data subject has 14 days from its receipt to appeal to the supreme Administrative Court.

Sanctions may be imposed for breaches of the Personal Data Protection Act. The sanctions vary depending upon the violation and who commits it:

  1. A data controller who, without any valid reason, fails to deliver an opinion after receiving a request from the data subject, can be fined from BNG 10,000 to 100,000;
  2. A data controller who fails to comply with the instructions from the Commission for Personal Data Protection or a Court shall be liable from a fine of BGN 5,000 to 100,000;
  3. For any other infringements, the data controller can be fined from BGN 50 to 300. A sole proprietor or legal person can be fined BGN 5000 to 30,000;
  4. A data controller who fails to register shall be fined in the range of BGN 1,000 to BGN 10,000.
  5. A data controller failing to act in a timely manner with respect to an application for access to personal data can be penalized by a fine of BGN 1,000 to BGN 20,000;
  6. Persons who refuse to cooperate with the Commission can be penalized from BGN 1,000 BGN 10,000;and,
  7. For any other violation, offenders can be penalized from BNG 500 to BGN 5,000.
OTHER PRIVACY LAWS AND REGULATIONS
  • Computer Crime Law
  • Bulgaria has numerous laws that regulate the banking and credit industries. These laws have limited or no provisions regulating the collection of personal data. A number of laws such as the Banking and Lending Act have provisions requiring ban employees and others with access to customer information, to keep all such information confidential. Other laws require banks to collect certain records. The Law on Credit Institutions requires records be kept on customer credit.
  • Under Bulgarian law, medical workers are obligated to keep the facts secret concerning the state of health of patients, the method of infection and other circumstances related to the illness. This obligation can be found in the People's Health Act and the Act of the Professional Organizations of Physicians and Dentists.
  • The Telecommunications Law requires the operators of telecommunications to protect the secrecy of communications and must take all necessary technical and organizational measures that are necessary.
  • The Bulgarian rules for e-communications are governed by two main statutes. Article 13 of the Privacy and Electronic Communications Directive has been implemented by the Electronic Communications Act (the “ECA”) and the E-Commerce Act.
United States - English