New Law on Personal Data Protection
Source: eKapija+
Friday, 12.07.2019.
08:50
Comments
(Photo: Garsya/shutterstock.com)
The Law is an expected step forward, albeit coming with a significant delay, in the context of developments in Europe surrounding the GDPR and harmonization of our regulations as part of the accession process to the European Union.
In line with the GDPR, the Law brings numerous and fundamental novelties into the domestic legislation, especially if we have in mind that the current law had long ago become outdated and was de-facto inapplicable in modern business and living environment.
Therefore, the main goal of the Law has been to ensure, in the era of internet and information technologies, an adequate and efficient protection of personal data, guaranteed as one of the major human rights and freedoms under the Constitution of the Republic of Serbia.
This system of protection includes:
• clear and transparent regulation of general principles and legal grounds for lawful processing which must cover each and every instance of data processing,
• improved regulations governing the exercise of data protection rights by individuals,
• regulation, for the first time under a law, of mutual relations between the controller and the processor, including the liability in case of violation of an individual’s rights,
• better governance of data security by prescribing more security measures and procedures in case of a data breach,
• introduction of impact assessment prior to commencement of data processing (being mandatory in certain cases),
• more detailed regulation of data transfer outside of Serbia,
• introduction of new institutes, such as officer for personal data protection (corresponds to DPO in the European Union),
• new authorities of the Commissioner for Information of Public Importance and Personal Data Protection,
• etc.
Of course, although we now have a significantly improved legal framework, it remains to be seen in practice to what extent Serbian controllers and processors are really prepared for the commencement of the application of the Law in terms of adjusting their data processing with new statutory obligations and requirements.
Lastly, the Law prescribes monetary penalties up to 2 million dinars, an amount considerably lower than that under the GDPR. However, one should stay alert, since the adoption of the Serbian Law does not exclude a possibility (risk) of the application of the GDRP against Serbian controllers or processors in case they should, in the course of offering goods/services or monitoring behaviour, collect and process the data of individuals who are located in the European Union.
For any question you may have in regard to personal data protection you may contact me at [email protected].
Author: Predrag Groza, Attorney-at-Law, TSG Tomic Sindjelic Groza Law Office
Companies:
TSG Advokati Beograd
Tags:
TSG Tomić Sinđelić Groza Law Office
TSG
Law Office TSG
TSG Belgrade
Predrag Groza
officer for personal data protection
Law on Personal Data Protection
GDPR
European Union accession process
The Constitution of the Republic of Serbia
personal data protection
Comments
Your comment
Most Important News
Full information is available only to commercial users-subscribers and it is necessary to log in.
Follow the news, tenders, grants, legal regulations and reports on our portal.
Registracija na eKapiji vam omogućava pristup potpunim informacijama i dnevnom biltenu
Naš dnevni ekonomski bilten će stizati na vašu mejl adresu krajem svakog radnog dana. Bilteni su personalizovani prema interesovanjima svakog korisnika zasebno,
uz konsultacije sa našim ekspertima.