What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Data protection in Serbia is primarily regulated by the new Serbian Data Protection Law (Official Gazette of the Republic of Serbia, No. 87/2018) (DPL) and related bylaws. In addition, the Serbian Labor Act (Art. 83) includes a provision which regulates the personal data protection of employees.
The DPL, which went into effect on August 21, 2019, bears a number of similarities the European Union’s General Data Protection Regulation. The DPL sets the requirements that data controllers (such as employers) and processors must follow in order to process personal and special categories of data. Special categories of data include data relating to: race/ethnicity; political opinions, religious/philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; data relating to health; a natural person’s sexual life or sexual orientation.
The authority responsible for enforcement of data privacy law and regulations in Serbia is the:
Commissioner for Information of Public Importance and Personal Data Protection
The Commissioner performs all duties/jobs related to personal data protection as an independent public body of authority.