BDK Advokati in cooperation with AmCham Montenegro held on 18 December 2018 a seminar on the General Data Protection Regulation (GDPR) in Podgorica, for 70 participants from Montenegrin companies and law firms.
Bogdan Ivanišević, head of BDK Advokati team specialized in data protection & privacy, summarized the key characteristics of GDPR and explained how the Regulation extends to companies outside the EU, including those from Montenegro. He pointed to the presence of vague standards in GDPR which in the years to come will require further elucidation by data protection authorities and courts, in order for the controllers and data processors to be able to reasonably anticipate whether they act, or not, in a GDPR compliant manner.
Associate Marko Popović presented to the participants principles of lawful data processing under GDPR, and used numerous examples to show how abstract principles translate into specific requirements for controllers and processors. He also spoke about the six legal bases for lawful processing, with a particular focus on consent and legitimate interest.
Jelena Bogetić, associate in BDK Advokati’s Podgorica office, spoke about data subject’s rights and the controllers’ corresponding obligations.
Milica Basta, senior associate, offered detailed practical advice concerning controller’s and processor’s obligations, including in relation to the records keeping, impact assessment, prior consultation with supervisory authorities, designation of the data protection officer, and breach notification. She also analyzed the GDPR provisions on transfer of personal data to third countries.
Familiarity with the GDPR is also important for Montenegrin companies which do not process personal data of the data subjects in the EU. The upcoming changes in the data protection law in Montenegro will most probably mirror the GDPR approach.