Data Protection Liasion

During last few years, starting back in 2017, there were a lot of different changes in regards to the privacy protection in EU, with most important being adoption of GDPR.

GDPR changed how the data was being processed, and established sets of rules and guidance’s that both organizations and companies need to follow, in order to make sure that the data processing is lawfully done. Other countries in EU and candidate countries, adopted GDPR, as well as updating their existing Data Protection Acts to be more in line with standards set by GDPR. Serbia, also made changes by adopting new Data Protection Act.

Did you know that even if you do not have representative office in Serbia, as long as you are process data of Serbian citizen that you need to appoint Data Protection Officer? In case when the company does not have office and in accordance to article 46 of Act of 9 November 2018 on Personal Data Protection “The controller and/or the processor shall authorize the representative referred to in paragraph 1 of this Article as a person to which, in addition to the controller or processor, and/or instead of them, the data subject, the Commissioner or another person can be addressed in respect of all the issues related to processing of personal data, for the purposes of ensuring compliance with the provisions of this Law.”

In accordance to Serbian Act of 9 November 2018 on Personal Data Protection (Official Gazette No. 87/18) article 56 paragraph 2 “The controller and the processor shall be obliged to designate a data protection officer where: 1) the processing is carried out by a public authority, except for the processing performed by the court for the purpose of exercising their judicial powers; 2) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; 3) the core activities of the controller or the processor consist of processing on a large scale of special types of personal data in compliance with Article 17, paragraph 1 or personal data relating to criminal convictions and offense referred to in Article 19 of Act.

In case your company does business and processes personal data from Serbian citizens in doing its business, we would like to offer you our services, in case you want to appoint Data Protection Officer.

Appointing data protection officer is necessary in accordance with Data Protection act which has been in effect since 21.08.2019, and which itself is based on General Data Protection Regulation (GDPR), that applies to EU citizens and countries.

We can help you with making sure that your company is lawfully processing data in Serbia as well to answer any request that may come based on your data processing.

Full text of the Data Protection Act in English: