In a critical move to face the rapidly evolving technological novelties and their immanent implications on the protection of personal data and the business environment in general, the Serbian Government adopted the Personal Data Protection Strategy 2023 – 2030 (the “Strategy”) late this August.

Does your business produce computers or other electronic or electrical equipment? Maybe you make machinery and equipment, pharmaceuticals, medical devices or food? Do you have 50 or more employees? Then your company is likely to be subject to the new cybersecurity regulations. The same applies if your activities are in the chemical industry or you provide a variety of digital services – for instance cloud computing, data centre services or online marketplaces.

Since the beginning of this year, the Personal Data Protection Office has issued fines of almost CZK 4,500,000 for breaches of the GDPR in connection with the processing of personal data via cookies.

On July 10, 2023, the European Commission (“Commission“) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). The decision concludes that the United States (“US”) ensures an adequate level of data protection – comparable to that of the European Union (“EU“).

The upcoming parliamentary elections at the end of September are the talk of the town in Slovakia, with a slew of interesting legislative changes – including those covering whistleblowing, corporate restructurings, and construction – coming in before the buzzer, according to Wolf Theiss Managing Partner Katarina Matulnikova.

May 2023 marks five years since the application of the General Data Protection Regulation, better known as "GDPR", and its requirements still pose a number of challenges for organizations. On one hand, this is because ensuring compliance with GDPR is not a "one-time exercise" but a continuous process "from within", requiring synchronization with all other activities in the organization. On the other hand, companies must also take into consideration innovations "from the outside", including new regulations and technologies, by promptly addressing data protection risks.