Law on Personal Data Protection
The National Assembly of the Republic of Serbia has enacted a new Law on Personal Data Protection (the “Law”). The Law came into force on 21 November 2018, but will take effect on 21 August 2019.
Serbia enacted the Law in light of the new EU data protection scheme in the form of GDPR. In addition to the obligation of Serbia to harmonize its legislation with the laws of European Union and with the data privacy standards, the application over the years of the current law containing many outdated solutions (e.g. consent valid only when in writing, almost completely restricted data transfers to non-EU countries) led to the enactment of the Law.
Although the Law will take effect in August 2019, the Central Registry of Databases, established under the current law, came to a close with the enactment of the Law. This, however, does not mean that the data controllers will no longer have the obligations prescribed under the current law (e.g. keeping records of personal data and registration of the same with the Data Protection Authority – DPA); those will persist until the effective date of the Law.
The Law, inter alia, extends and specifies the competencies and powers of the DPA as an independent government body and harmonizes the competencies with relevant principles of the European Union. Some new basic terms have been introduced by the Law, e.g., it recognizes biometric data unlike the current law, however, it does not regulate video surveillance, which remains in the gray area.
The Law undoubtedly represents a great novelty in the way personal data are to be handled in Serbia. As the Law will become effective in August 2019, the following 9 months will pose a challenge, not only to commercial entities but to the public sector too, in their efforts to comply with the Law.
For more information, please visit https://pricapartners.com/latest/new-law-on-personal-data-protection/, or contact us at office@pricapartners.com.