A Law on the Protection of Personal Information (Official Gazette No.°1/2002) regulates the protection of physical persons in the processing of personal data and the access to these data. The objective of the law is to guarantee the inviolability of persons and personal life, as well as to protect physical persons from illegal processing of personal data and to regulate access to such data. Under the provisions of this law, “personal data” is defined as “information about the physical person, which reveals his physical, mental, psychological, marital, economic, cultural or civil identity”.
The General Data Protection Regulation came into force on May 25, 2018, after it was adopted in 2016. In Bulgaria, changes to the Law on the Protection of Personal Information were promulgated nearly a year later at the end of February 2019. There are registered breaches of GDPR in Bulgaria. The two biggest violations in the country so far are the breaches in the systems of the National Revenue Agency and OTP Bank.