Steps towards compliance with Serbia’s new Data Protection Act

Senior associate Milica Basta participated in a conference on initial results and most frequent dilemmas in the implementation of the new Data Protection Act. The conference, held on 27 November 2019 in Belgrade, gathered nearly 50 representatives of the companies operating in the Serbian market. The agency Forum Media organised the event.

Milica held a presentation on the steps that controllers and processors should take in order to achieve full compliance with the DP Act. She first analysed the types of documents which the companies must adopt as a matter of statutory obligation, including data processing notices and data processing or joint controllership agreements. Milica then pointed to the advantages of adopting non-mandatory internal policies, assessments, and guidelines, as the means of facilitating and demonstrating compliance.

During the panel discussion, Milica responded to the participants’ questions regarding the profiling in the context of employment and methods of creating the records of processing activities. Participants were also interested in the matters related to processing of sensitive data through the alcohol and drug testing of employees that Milica also addressed.

Other speakers at the conference were Zlatko Petrović, Assistant Secretary General in the Office of the Commissioner for Information of Public Importance and Personal Data Protection, and data protection lawyers Dragan Milić, Jelena Simić, and Miloš Stojković.