The new Law on Personal Data Protection (“Off. Gazette of the RS“ no. 87/2018) – “the Law“ has entered into force in November 2018 and it should be applied from August 21st 2019. The newly appointed Commissioner for Information of Public Importance and Personal Data Protection (“The Commissioner“) has approached the National Assembly of the Republic of Serbia requesting one year delay for the implementation and enforcement of the Law.
In his letter to the chairman of the National Assembly, the Commissioner is arguing that the delay in the application of the Law should be granted because the authorities including the Commissioner and his staff, as well as Serbian companies are not properly prepared to apply the Law from this August due to lack of techical capacities and competent personnel in charge for the application and implementation of the Law.
It is, however, unclear how the Commissioner expects for his approval to be either accepted or rejected in light of the fact that the National Assembly will meet and begin with the ordinary sessions only in the first working day in October 2019, that is 40 days after August 21st 2019, when the Law formally is applicable and what will happen in the meantime, will the Law be applied or not.
In any case, numerous Serbian companies have invested significant resourses to comply with the GDPR and with the Law since their business is in connection with the EU and therefore they are obliged to comply with the GDPR and the potential delay in the application of the Law would therefore affect only the Serbian companies not having the business with the EU counterparts. Putting on hold the application of the Law will put the Serbian companies having to comply with the GDPR in situation to simoultaneously apply two different legal data protection standards, all until the application of the Law.