New Law on Personal Data Protection
The Law is an expected step forward, albeit coming with a significant delay, in the context of developments in Europe surrounding the GDPR and harmonization of our regulations as part of the accession process to the European Union.
In line with the GDPR, the Law brings numerous and fundamental novelties into the domestic legislation, especially if we have in mind that the current law had long ago become outdated and was de-facto inapplicable in modern business and living environment.
Therefore, the main goal of the Law has been to ensure, in the era of internet and information technologies, an adequate and efficient protection of personal data, guaranteed as one of the major human rights and freedoms under the Constitution of the Republic of Serbia.
This system of protection includes:
• clear and transparent regulation of general principles and legal grounds for lawful processing which must cover each and every instance of data processing,
• improved regulations governing the exercise of data protection rights by individuals,
• regulation, for the first time under a law, of mutual relations between the controller and the processor, including the liability in case of violation of an individual’s rights,
• better governance of data security by prescribing more security measures and procedures in case of a data breach,
• introduction of impact assessment prior to commencement of data processing (being mandatory in certain cases),
• more detailed regulation of data transfer outside of Serbia,
• introduction of new institutes, such as officer for personal data protection (corresponds to DPO in the European Union),
• new authorities of the Commissioner for Information of Public Importance and Personal Data Protection,
• etc.
Of course, although we now have a significantly improved legal framework, it remains to be seen in practice to what extent Serbian controllers and processors are really prepared for the commencement of the application of the Law in terms of adjusting their data processing with new statutory obligations and requirements.
Lastly, the Law prescribes monetary penalties up to 2 million dinars, an amount considerably lower than that under the GDPR. However, one should stay alert, since the adoption of the Serbian Law does not exclude a possibility (risk) of the application of the GDRP against Serbian controllers or processors in case they should, in the course of offering goods/services or monitoring behaviour, collect and process the data of individuals who are located in the European Union.
For any question you may have in regard to personal data protection you may contact me at predrag.groza@tsg.rs.
Author: Predrag Groza, Attorney-at-Law, TSG Tomic Sindjelic Groza Law Office
Most Important News
07.05.2024. | IT, Telecommunications
Biggest Angular conference in the region – NG Belgrade Conf 2024
06.05.2024. | Healthcare
Medical doctors and engineers from Nis design instrument which accelerates and improves efficiency of operating procedures – Negotiating with foreign companies about production
06.05.2024. | Healthcare
06.05.2024. | Construction, Tourism, Sports, Culture, Healthcare
Sijarinska Banja should soon get a new look – Project documentation for reconstruction of rehabilitation center complex being prepared
06.05.2024. | Construction, Tourism, Sports, Culture, Healthcare
09.05.2024. | Energy, Industry, Construction
Plant for the oil and oil derivatives processing planned in Smederevo; solar panel factory planned in Paracin
09.05.2024. | Energy, Industry, Construction
07.05.2024. | Industry, Construction
New Palfinger factory in Nis to start working in June
07.05.2024. | Industry, Construction
09.05.2024. | Industry, Transport
How the trains, procured by Serbia from China for the EXPO, could look like
09.05.2024. | Industry, Transport