Does HR data processing require registration under data protection laws?
Data protection laws sometimes include conformity assessments, which help to ensure businesses follow regulations. Requirements can include registration before the Data Protection Authority and random audits.
Prior to processing personal employee information in Serbia, employers are required to register two separate data files with Serbia’s data protection Commissioner:
- a file with employee data; and
- a file with employee salaries.
These two mandatory files do not require pre-approval from Serbia’s Commissioner.
In addition, employers in Serbia who collect more employee data than required should register the additional employee data files (this is especially true of dependent legal entities of a foreign company). This data is collected on the basis of the explicit approval of employees. A data collection request must be submitted to the Commissioner in advance of collecting any information through a Form on Notification on Data Processing, which includes the:
- name of the data file;
- type of processing action;
- type of data;
- name, registered office and address of the employer;
- start date of employee data file processing or creation;
- reason for processing employee information;
- legal ground(s) for processing/creating a data file;
- category of data subjects;
- type and level of confidentiality;
- manner of collection and storage;
- period of storage/use;
- name, registered office and address of the data user (HR teams, authorities, etc.);
- indication of cross-border data flow from or to Serbia;
- measures taken to protect the data;
- requests relating to data processing; and,
- if necessary, the form of consent employees will sign.
Employees must be given notice relating to the collection and processing of their personal information.
HR Best Practices: Given that Serbia is in the process of joining the European Union, it is possible that the registration requirement will disappear in the next several years. For now, HR teams should register employee and applicant data with Serbia’s Commissioner in advance of collecting any personal information.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.