REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (“the GDPR”) is to enter into force within less than two months, on May 25, 2018.

The GDPR is a result of four-year effort of all relevant European member-state stakeholders, aimed to create a unique regulatory data protection framework with two main goals: i) to improve data protection quality of the EU residents/non-residents in all the EU member states and worldwide; ii) to enable undisrupted flow of data within and outside the Union. The GDPR represents a European response to modern technologies and challenges of globalisation. The GDPR introduces some revolutionary changes in how companies run business, increasing responsibility of management for compliance with the GDPR.

A great novelty brought by the GDPR is its exterritorial scope of application. The GDPR applies to Serbian companies which either (i) offer goods and services on-line in the Union, or (ii) monitor behaviour of the EU residents, as far as their behaviour takes place within the Union.

All Serbian companies are best advised to start preparing their compliance with the GDPR, sooner rather than later, as the adoption of the new Serbian Data Protection Act (in compliance with the GDPR) is expected soon.

Sanctions for non-compliance of a business with the GDPR are quite draconic: up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover for the preceding financial year, whichever is higher. Apart from the fines, companies which do not comply with the GDPR, bear risks of reputational damage and loss of business partners.

This Guidance in Serbian introduces you to steps to be taken to ensure compliance with the GDPR. – DOWNLOAD