Are there any restrictions on transferring personal data and how can these be overcome?
Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations.
Data transfers typically include the following examples:
- personal data communicated over the telephone, by email, fax, letter, through a web tool or in person to another country;
- IT systems or data feeds which lead to personal data being stored on databases hosted internationally;
- people/entities outside the country being able to access or "see" personal data held in Serbia; and,
- the use of personal data by third parties through external solutions, e.g., outsourcing, offshoring and cloud computing.
Employers in Serbia can transfer employee data to other nations in two cases:
- if the country the data will be transferred to is a signatory of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data; or,
- if the international transfer has been pre-approved by Serbia’s Commissioner.
The Commissioner may reject requests for data-transfer if the level of protection in the country the data would be transferred to is less than in Serbia and not in line with EU standards.
Any transfers of personal data to a country outside Serbia must be indicated on the registered data files Files that are sent to the Commissioner. Employers must also obtain written consent from employees to transfer their personal data outside of Serbia.
HR Best Practices: The use of applications in the cloud frequently results in the international transfer of employee data. In addition to the requirements above, note that Serbia may be joining the European Union in the next few years. This may result in a change to cross-border data transfer requirements.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.