Does HR data processing require registration under data protection laws?
Data protection laws sometimes include conformity assessments, which help to ensure businesses follow regulations. Requirements can include registration before the Data Protection Authority and random audits.
Under Serbia’s Data Protection Law (2018), there is no obligation to register with the data protection authorities. That said, data controllers (such as employers) and data processors are required to maintain records of data processing activities when the business employs more than 250 individuals.
In certain cases, employers with less than 250 employees may be required to maintain records of data processing activities. Recordkeeping may be required when: processing is likely to result in risk to the rights and freedoms of employees (and other data subjects); the processing is not occasional (i.e. personal data is regularly processed); or, processing includes special categories of data or personal data that relates to criminal offences/convictions.