Data protection and privacy—Serbia—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—Serbia—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

Data protection and privacy—Serbia—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in Serbia published as part of the Lexology Getting the Deal Through series by Law Business Research (published: May 2020).

Authors: BDK Advokati—Bogdan Ivanišević; Milica Basta

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

The Data Protection Act 2018 (DP Act) governs the collection and use of PII. The DP Act for the most part copies the provisions of the EU General Data Protection Regulation (GDPR).

Sectoral laws also apply to PII processing in particular areas.

2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.

The Serbian data protection authority responsible for overseeing the implementation of the DP Act is the Commissioner for Information of Public Importance and Personal Data Protection (the Commissioner).

The Commissioner has numerous investigative, corrective, and authorisation and advisory powers, which correspond to those exercised by supervisory authorities in the EU member states pursuant to article 58 of the GDPR.

As a supervisory authority, the Commissioner has the power to supervise PII controllers by means of inspections. The inspectors act upon information acquired ex officio or received from complainants or

Popular documents