AmCham Serbia hosted on 5 July 2019 a session on the main aspects of the new Serbian Data Protection Act. The topic attracted significant number of attendees, mainly general counsels and IT specialists from local companies – members of AmCham Serbia. Milica Basta, senior associate at BDK Advokati, was one of the speakers.
Milica started by elaborating on the legitimate interests as a newly introduced legal basis for data processing. She continued by describing conditions data controllers need to meet in order to lawfully export data out of Serbia, given that many companies in Serbia export data of their customers and employees as part of their business operations. In this regard, Milica emphasized that the prerequisites for exporting data without requiring any specific authorisation from Serbian supervisory authority are still missing. The Government has not enacted a decision on the list of countries where data may be exported without the authorisation and the supervisory authority has not enacted standard contractual clauses for the transfer of data abroad.
Milica explained what rights, according to the new Data Protection Act, individuals have towards data controllers. She addressed the conditions under which a person may request from data controller to erase or rectify personal data, or to transfer the data to some other data controller.
Milica also presented the rules under the new law governing the relationship between data controller and data processor. The two sides need to conclude a contract that regulates their relationship and among other things defines the conditions under which data controller may audit the data processor.
Other speakers at the briefing session were Milan Nikolić, Security Director at Telenor Srbija, Marko Marjanović, Digital Architect at Microsoft, and Miloš Stojković, senior associate at Živković Samardžić who acted as a moderator.