Answer to request

ERAELU KAITSE JA RIIGI LÄBIPAISTVUSE EEST

Tatari tn 39 / 10134 Tallinn / 627 4135 / [email protected] / www.aki.ee

Registrikood 70004235

Mathilde Lécaillon

Lawways

[email protected]

Yours: 14.10.2025 Ours: 21.10.2025 nr 2.2.-5/25/19d-4

Answer to request Estonian Data Protection Inspectorate (DPI) has received your letter.

9th June letter is available on Estonian DPI document register: Andmekaitse Inspektsiooni avalik

dokumendiregister.

In this letter we explained that the easiest way to notify about a data protection officer (DPO) in

Estonia is through the E-business register. In this case, there is no need to send a separate

notification to the DPI. The notification can be submitted to the e-business register by a person

with legal representation rights. You must contact valid board members of the local company who

have access to the register.

We noted that if the company has a representative with access to the E-business register services,

the company can notify the appointment of a DPO through the portal (including making changes).

If the DPO is published in the e-business register, there is no need to send a separate notification

to the Data Protection Inspectorate. The Data Protection Inspectorate confirms receipt of the

notification. The company is responsible for ensuring that the data protection officer is qualified

and suitable for the role.

For more information on personal data processing, we recommend reviewing the information

available on the website of the Data Protection Inspectorate (including who can serve as a

company’s DPO, who is actually responsible for proper data processing, and the explanations

provided in the general guidelines for data controllers).

It is important to remember that the DPO must be able to communicate with both data subjects

and the supervisory authority in Estonian language.

Respectfully

Liina Kroonberg

lawyer

authorized by Director General