Inspection Control by Commissioner for Information of Public Importance and Personal Data Protection
The Commissioner for Information of Public Importance and Personal Data Protection (hereinafter the “Commissioner”), based on provisions of Articles 77-79 of the Law on Personal Data Protection (“Official Gazette of RS”, no. 87/2018) (hereinafter the “Law”), has started inspecting the implementation of the Law, by drafting and publishing on its webpage www.poverenik.rs, under “Personal Data Protection” section, control lists intended for data controllers that are government officials, and data controllers that are not government officials. The control lists contain a set of questions for self-assessment of the risk in the area of personal data protection. The Commissioner has been randomly requesting from data controllers to complete, sign and return a scanned copy of the control lists to him.
The Commissioner will use the report on self-assessment of the risk and on meeting the requirements set in the control lists to assess the risk and the scope of the inspection. The Commissioner will also develop a plan of inspection basing it on determined facts in the area of inspection and the assessment of risk. It is worth noting that the data provided in the control lists are subject to verification by the Commissioner and any misrepresentation or concealment of facts shall trigger legal consequences attributable to falsification of document content. Pursuant to Article 49 of the Law, data controllers are required to cooperate with the Commissioner in performance of his authorities. In the case of a failure to provide the Commissioner with the completed control lists, the Commissioner will deem there to be a higher probability of risk, which will be especially taken into consideration when developing an inspection plan.
Please make sure that your business is in line with the Law. For more information, please contact us at email@example.com.