Loreta Andziulytė

Practice Areas

Employment & Migration, Data Protection, ICT & AI Regulation, Regulatory Compliance

Loreta Andziulytė is a partner, attorney-at-law, and Head of the Employment, Data Protection and ICT Regulation, Corporate & Commercial practice at ECOVIS ProventusLaw, advising clients on complex regulatory, compliance, and technology-driven legal matters across Lithuania and the Baltic region.

In Employment and Labour, she supports employers with complex workforce structuring, HR compliance, cross-border employment arrangements, internal policies, employee data governance, and organisational change, including restructurings, remote work models, and international mobility. She is regularly involved in designing employment frameworks for regulated and fast-growing businesses operating across multiple jurisdictions.

She has extensive experience in data protection (GDPR), ICT regulation, cybersecurity governance, and emerging AI compliance frameworks, with a strong focus on practical implementation of regulatory requirements within business operations. Her practice covers both advisory and contentious matters, including regulatory investigations, compliance audits, enforcement risk management and strategic remediation projects.

Her experience in the technology and digital sectors includes advising software providers, platform operators, and AI-driven businesses on workforce structuring, data protection in HR processes, ICT governance, and the compliance aspects of digital transformation, including the use of AI in employment-related decision-making.

She also works with professional services firms and multinational organisations on employment governance, cross-border HR compliance and harmonisation of workforce policies across jurisdictions.

Loreta regularly advises financial institutions, fintech companies, payment service providers, technology businesses and multinational groups on data governance structures, cross-border data transfers, data processing frameworks, and regulatory alignment of IT and outsourcing arrangements. She is particularly experienced in supporting organisations operating in highly regulated environments where data protection intersects with financial services regulation, operational resilience frameworks such as DORA.

Her ICT advisory work includes outsourcing compliance, cloud service arrangements, ICT risk management frameworks, incident response obligations, and internal governance systems for digital operations. She also supports clients in aligning business models with evolving EU digital regulation, including AI-related compliance considerations and risk classification under emerging regulatory regimes.

Loreta is recognised for combining strong regulatory expertise with a clear understanding of operational realities, enabling clients to translate complex legal requirements into workable, business-oriented compliance solutions. She frequently supports internal audits, regulatory-readiness assessments, and supervisory engagement strategies.

Her approach is highly pragmatic, focusing on building sustainable compliance frameworks that withstand regulatory scrutiny while supporting business scalability and innovation in digital and data-driven sectors.

Professional Memberships

Certified as an Information Privacy Professional/Europe by the International Association of Privacy Professionals (IAPP).

Loreta is a certified data protection specialist and head of the data protection team, who professionally guides financial and other institutions, both local and international, through data protection issues. She is also head of the firm’s telecommunications and technology team in Lithuania, having more than 20 years of experience and knowledge in this field.

Member of the Lithuanian Bar since 2007.

Member of Legal Task Force at ECOVIS International.

Industry Sector Expertise

Loreta Andziulytė advises clients across a broad range of sectors, with particular strength in Employment and Labour, Financial Services, and Technology-driven industries where workforce, regulatory and data-related issues intersect.

In Employment and Labour, she supports employers with complex workforce structuring, HR compliance, cross-border employment arrangements, internal policies, employee data governance, and organisational change, including restructurings, remote work models, and international mobility. She is regularly involved in designing employment frameworks for regulated and fast-growing businesses operating across multiple jurisdictions.

In Financial Services and Fintech, Loreta advises banks, electronic money institutions, payment service providers, and other regulated entities on employment-related regulatory compliance, HR function governance, senior management arrangements, and the integration of employment processes with broader regulatory requirements, including AML, ICT, and data protection obligations.

She has significant experience in the Fintech sector, advising innovative payment, crypto-asset and digital finance businesses on data protection frameworks, ICT risk management, AI-related compliance considerations and the integration of regulatory requirements into rapidly evolving business models.

In the Technology and Software sector, Loreta supports SaaS providers, platform operators, IT service companies, and AI-driven businesses with data governance, cross-border data transfers, cybersecurity obligations, cloud outsourcing structures, and the implementation of scalable compliance frameworks aligned with EU digital regulation.

Her practice also extends to Telecommunications, where she advises on complex data processing environments, network infrastructure compliance, cybersecurity requirements and ICT regulatory obligations, particularly in relation to operational resilience and incident management frameworks.

Her experience in the technology and Digital sectors includes advising software providers, platform operators, and AI-driven businesses on workforce structuring, data protection in HR processes, ICT governance, and the compliance aspects of digital transformation, including the use of AI in employment-related decision-making.

She also works with professional services firms and multinational organisations on employment governance, cross-border HR compliance and harmonisation of workforce policies across jurisdictions.

Across all sectors, Loreta is recognised for her ability to connect employment law with broader regulatory, data protection and ICT frameworks, enabling clients to implement practical, compliant and scalable workforce solutions in complex and evolving business environments. She regularly supports clients operating in multi-jurisdictional environments, ensuring consistent compliance approaches across group structures and cross-border operations.

Her sector focus reflects a strong intersection of regulatory law, digital transformation and operational risk management, enabling clients to navigate evolving EU data protection, ICT and AI regulatory frameworks with confidence and clarity.

Languages Spoken

Lithuanian, English, German, Russian.

Publications

Loreta Andziulyte regularly advises organisations on GDPR, workplace monitoring, technology governance, and regulatory compliance matters at the intersection of employment law and data protection.

Employee Monitoring under GDPR: When Workplace Surveillance Becomes a Compliance Risk

Video Surveillance and Audio Recording in the Workplace: GDPR Proportionality Test in Practice (VDAI Enforcement Insight)

Video surveillance in workplaces is often introduced as a standard security measure, but recent enforcement practice by the Lithuanian supervisory authority (VDAI) confirms that such processing must be strictly assessed against GDPR principles of necessity and proportionality.

In its February 2026 decision concerning a healthcare institution, the regulator confirmed that while CCTV may be justified in common areas on the basis of legitimate interests, surveillance in sensitive operational zones may be disproportionate if it captures patient interactions or employees’ workstations. The decision also reinforced that audio recording significantly increases the level of interference with data subjects’ rights and requires a substantially higher justification threshold under the GDPR.

The case further highlights that retention periods, access control, and technical security measures are not merely operational issues but core GDPR compliance obligations under the principles of data minimisation, integrity, and confidentiality.

The enforcement action underscores the importance of structured legal assessments, including legitimate interest balancing tests and, where appropriate, Data Protection Impact Assessments (DPIAs), before deploying monitoring technologies in workplace or service environments.

Full article: https://ecovis.lt/employee-monitoring-in-2026-just-because-technology-allows-it-doesnt-mean-gdpr-does/

Work Highlights

ECOVIS ProventusLaw partner and attorney-at-law Loreta Andziulytė advises leading fintech, financial institutions, and regulated technology companies on complex employment, data protection, ICT governance, and digital operational resilience matters, with a focus on EU-regulated financial services under supervisory oversight.

Loreta Andziulytė advises electronic money institutions, payment service providers, crypto-asset businesses, and fintech groups on cross-border employment structuring and workforce governance, including senior management arrangements, executive mobility, relocation structures, and multi-jurisdictional employment frameworks aligned with regulatory substance and supervisory expectations.

She regularly advises on cross-border employment and relocation of key personnel across the EU and third countries, including analysis of employment law, social security coordination, tax exposure, and regulatory substance requirements for licensed financial institutions.

Andziulytė has significant experience in employment disputes involving regulated and international employers, including unlawful termination, senior management liability, and cross-border classification disputes involving EU jurisdictional conflicts and mandatory protections.

She is frequently instructed on strategic workforce structuring in regulated financial institutions, including governance-linked employment arrangements, allocation of management responsibilities, and alignment with AML/CTF, safeguarding, ICT, and DORA-related supervisory expectations.

Loreta also advises on internal employment governance matters, including senior executive exits, internal investigations, workplace compliance frameworks, and employment risk arising from regulatory inspections and supervisory findings.

Her employment practice is closely integrated with financial regulation, where employment structures impact licensing compliance, governance adequacy, and regulatory assessment of operational substance.

In parallel, Loreta Andziulytė is recognised for her expertise in data protection, ICT governance, and digital operational resilience in regulated financial services.

She advises electronic money institutions, payment service providers, and crypto-asset businesses on GDPR compliance programmes, including governance design, data lifecycle management, international transfers, and integration of privacy frameworks into regulated operations.

Loreta Andziulytė is regularly instructed on high-risk GDPR matters, including personal data breach response, forensic incident analysis, and regulatory notification strategy under Articles 33, 34 GDPR in supervisory-sensitive contexts.

She has experience in complex cross-border data transfers, including EU–third-country and EU–Asia structures, and in designing compliance frameworks combining SCCs, derogations, and Transfer Impact Assessments.

Her ICT and digital resilience work includes advising under DORA on ICT governance, outsourcing risk, incident response structures, and operational resilience alignment with supervisory expectations.

She also advises on AI governance and automated decision-making compliance, including transparency, accountability, and human oversight requirements in fintech environments.

Loreta is recognised for integrating data protection, ICT, and financial regulation (AML/CTF, safeguarding, outsourcing), enabling compliant implementation without disrupting regulated operations.

She leads complex compliance transformation projects for fintech platforms, payment institutions, and crypto-asset businesses aligned with GDPR, DORA, MiCA, and NIS2.