Guidance for interpretation of the Serbian Data Protection Act

Senior associate Milica Basta participated at the online conference “Data Protection – 2021” organised by the agency Forum Media from Belgrade. The event took place on 29 November 2021. More than 20 professionals from public and private sector entities attended.

Milica spoke about the tools for interpretation of the Serbian Data Protection Act (2018) when there is no available practice of the Serbian supervisory authority or courts. As the law is for the most part a copy of the EU General Data Protection Regulation (GDPR), Milica pointed to documents issued by the EU and member states’ supervisory authorities and courts, that serve as guidance for the application of Serbian data protection law.

Milica referred to specific decisions and guidelines, issued by the EU-based courts and supervisory authorities, which have assisted BDK Advokati in advising clients on the issues such as:

  • When is a data protection impact assessment (DPIA) required?
  • Is documenting a legitimate interests assessment (LIA) mandatory, and, if so, when?
  • May an employer process personal data about employee’s vaccination against SARS-CoV-2?
  • What must a law prescribe in order for “legal obligation” to be the legal basis for the processing of personal data?
  • What is the legal basis applicable to photographing and filming employees at company events and to publishing photographs and recordings on the company website?

Milica also took part in a panel discussion where the speakers answered the questions from the participants.

Milica’s presentation can be accessed here (in Serbian).

Milica shared the floor with Zlatko Petrović, Assistant Secretary General at the Office of the Commissioner for Information of Public Importance and Personal Data Protection, and data protection lawyers Dragan Milić and Nenad Cvjetićanin.


Photo by Shubham Dhage on Unsplash