Are there any data breach notification requirements?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.
In Serbia, there is no law requiring notification to supervisory authorities or to individuals impacted by data breaches. That said, if an inspector determines any breach in accordance with the law, the legal person/data controller responsible could be fined.
HR Best Practices: Incidents in the employment context which might trigger a requirement to notify include a laptop left on a train, or an email containing HR information sent massively to incorrect addresses. In the event of a possible data breach relating to HR data, the best solution is to take action to correct the breach. Note that even if the breach is corrected, there is still a risk that the Commissioner will initiate legal proceedings.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.