The New Law on Personal Data Protection (hereinafter: the “Law”) entered into force on November 21, 2018. However, the application of the Law is postponed for another nine months. The only exception to this rule is Article which prescribes termination of the Central Registry of Databases as of the day when the Law enters into force. The existing data from the Central Registry of Databases shall be archived.
However, concerning the numerous allegations and interpretation of the new Law in public, the Commissioner for Information of Public Importance and Personal Data Protection (hereinafter: the “Commissioner”), issued an Announcement explaining that the controllers and processors of personal data still have the same obligation under the Law.
Either by an oversight or another reason, the Articles of the old Law have not been repealed, which stipulate the obligation to form, maintain and keep the data collection evidence up-to-date, the obligation to deliver the notice on intention to collect and use personal data to the Commissioner, as well as the obligation to deliver the data collection evidence and changes regarding those evidence to the Commissioner (Art. 48, 49 and 51(1)). Consequently, all of the obligations prescribed by the previous Law are still existing. Furthermore, violation of these obligations is considered a minor offense.
The representatives of our Law Firm attended the panel on the topic “The New Law on Personal Data Protection” in Startit Center Belgrade. The set of panelists included the Commissioner, as well as representatives of civil sector organizations and bodies. The panelists discussed the new Law, the GDPR compliance and advantages and disadvantages of this subject, as well as the importance of personal data protection.
The most important criticisms of the new Law were outlined, which are not negligible, but also the examples of good practices at the beginning of the implementation of the new Law and a completely new manner of dealing with personal data protection.
The Commissioner stated that the Law ignores a large number of severe issues, which have previously been the subject to the Commissioner’s intervention, as the most important criticism of the new Law. In this respect, the Commissioner particularly mentioned the issue of video surveillance, which the Law fails to regulate.
Likewise, the language of the new Law was criticized as well. According to the panelists, it is difficult to understand what the Law regulates in certain parts, even for those who are knowledgeable in the area of personal data protection. As the Law regulates fundamental human rights, the language has to be clear for everyone.
On the other hand, the panelists agree that the GDPR compliance in Serbia is necessary for the process of accession of Serbia to the EU, regarding harmonization of the legal framework, as well as in order to provide the same level of personal data protection as in the EU. However, the formal GDPR compliance in Serbia would be useless unless there are conditions for an effective practical application. The panelists warned that would lead to a situation with great European laws but without any chance for their application in practice. You may read further on that topic in our blog post – Ministry of Justice got lost in translation – again?.
Although the complexity and illegibility of the new Law are emphasized as key issues, the panelists remind that the Law cannot be interpreted without the part of the European Law upon which the new Law is based. In that respect, the GDPR recitals and decisions of the European courts play the most crucial role.
The upcoming nine months are paramount and should be used to prepare private companies for an application of the new Law, as well as to explain the main principles the GDPR provides. However, the implementation of the GDPR in Serbia should not be understood as a nine-month long process that ends with the application of the new Law. As the field of personal data protection is extremely dynamic, it is necessary to constantly be in touch with the innovation.
