The Serbian Parliament adopted on Friday (November 9th, 2018) the Personal Data Protection Law, which is in line with the European General Data Protection Regulation (GDPR). The Law is binding to both private and public sector.
“The new regulation establishes a drastically higher level of responsibility for organizations that collect and process personal data. The law covers a variety of different situations, especially when the data is comprised (leaked). In this case, data users and line institutions should be notified of the data being compromised within 72 hours”, says Dragan Prlja, a research associate at the Institute for Comparative Law.
Draconian fines of up to as EUR 20 million or 4% of the organization’s total annual turnover in the previous year are a sufficient reason for Serbian companies and public entities to immediately start harmonizing their operations with the GDPR.
Want to open a company in Serbia? Click here!
“The existing rights that are also more precisely regulated like the right to access data, the right to correct, restrict and delete data, as well as the right to objection. For the first time ever, we have regulated rights regarding data transferability and the right to prevent automatic data processing, including profiling”, says Dragan Prlja.
He adds that the right to delete data says that citizens can request for data to be deleted if they have withdrawn their consent to the processing of data.
“The organizations that collect and process personal data can do so if they get unambiguous and clearly expressed consent of one of the persons who own the data belongs and can only use them for a clearly defined purpose. After that purpose is fulfilled, data is no longer necessary and it must be deleted. Organizations must pay attention to the fact that the persons who gave consent have the opportunity of withdrawing the consent at any time”, explains Andrej Diligenski, Data Protection Expert.
The organizations that collect personal data of citizens must upgrade their current procedures for managing personal data through a series of new, more stringent requirements.
The provisions of the GDPR already apply to all organizations, institutions and companies in Serbia that process personal data of EU citizens in their business.
This post is also available in: Italiano