What obligations do companies have in protecting personal data?

Thanks to the new Law on Personal Data Protection, individuals can request companies which possess information about them to divulge what kind of information that is, for what purposes they are using it, and demand from companies for this information to be deleted.

This was said at a panel discussion that took place yesterday, and which was organized by PWC Serbia. In attendance were domestic and foreign companies in Serbia, including Telekom Serbia and Lidl.

With the adoption of the new Law on Personal Data Protection, Serbia has harmonized its regulations with the stipulations of the EU’s General Data Protection Regulation (GDPR), which entered into force in late May 2018.

Want to open a company in Serbia? Click here!

GDPR has led to a comprehensive change in the processing and protection of personal data (from technology to advertising, through medicine and banking), and the novelty is, as pointed out at the panel discussion, is that the GDPR provisions must be applied by companies that are not based in the EU, providing they process EU citizens’ data.

In the event of non-compliance with the provisions of the GDPR, significant fines are foreseen, which can amount to up to 20 million EUR, or 4% of the company’s global turnover.

The panel participants have said that Serbia harmonizing its Law on Personal Data Protection with the General Regulation on the Protection of European Union Personality Data (GDPR) is a good contribution to the harmonization of our country’s regulations with the EU’s which will create space for more flexible regulation of particular issues.

“Our Data Protection Law is very similar to GDPR. Our state authorities will control the adequate implementation of the law, and, in turn, supervise the implementation of the GDPR in our country because these two regulations are quite similar”, said Predrag Milovanovic from PWC Serbia.

He added that it would be a challenge for domestic courts to get acquainted with the whole matter and find a way to apply the regulations in the judicial system in the best possible way.

On the other hand, Zlatko Petrovic, Assistant Secretary General in the Commissioner’s Department for Supervision, believes that the new Law on Personal Data Protection will be extremely problematic because, as he says, the very text of the new Law on Personal Data Protection is difficult to understand, and is even more difficult to apply.

The law will enter into force nine months after its adoption, in order to leave enough time for companies to harmonize their business operations with its provisions.

The law stipulates new rights in relation to the protection of personal data in a similar way to GDPR, as well as fines for violating its provisions.

(eKapija, 11.12.2018)


This post is also available in: Italiano

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *

scroll to top
× Thinking to invest in Serbia? Ask us!