26
Fri, Apr
27 New Articles

Serbia – Data Protection Strategy Proposal for 2023-2030

Serbia – Data Protection Strategy Proposal for 2023-2030

Serbia
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The Serbian Ministry of Justice released a Data Protection Strategy Proposal for 2023-2030 and invited stakeholders to participate in public discussion. The document sets an ambitious goal: harmonisation of data protection legislation with acquis communautaire resulting in obtaining EU decision on the adequate protection of personal data and resulting in a free flow of personal data with EU. We would be glad to participate in public discussion providing suggestions resulting from our long-term practice for the improvement of the proposal.

On June 11, 2021, the Serbian Government formed a Working Group consisting of all relevant stakeholders processing personal data in the state administration, representatives of the Commissioner, courts and prosecution office competent for data protection matters with the task to draft a Data Protection Strategy Proposal for 2023-2030 and Action Plan for Strategy implementation. The Ministry of Justice, a competent state body for proposing public policies in the field of data protection released Data Protection Strategy Proposal for 2023-2030 (Proposal) on March 15, 2023.

It is the first time during 25 years of application of data protection in Serbia that such an ambitious goal in some public document is proclaimed – to harmonise data protection legislation with acquis communautaire and to receive verification by EU – to be recognised as the country with adequate protection of personal data.

I Reference and Connection with other Documents

The Proposal makes a reference to:

a) existing applicable Serbian public policies important for the development of data protection such as public policy for the development of artificial intelligence, development of information security and information society, promotion of digital skills, prevention of violence against women and violence in the family, consumers’ protection, promotion of the position of persons with disabilities, integral governance at borders. The Proposal explains the connection and applicability of data protection in these areas;

b) European integration processes and framework by which the European Union assesses the progress of EU membership candidates in the field of data protections such as: the International Covenant on Civil and Political Rights, UN Convention on the Rights of the Child, General Data Protection Regulation, Police Directive, the Council of Europe Convention 108, European Convention for the Protection of Human Rights and Elementary Freedoms;

c) the applicable Serbian regulations governing data protection enforcement and sectorial laws subject to the protection of personal data.

II Goals to Be Achieved and Measures to Achieve the Goals

The common goal to be achieved: is respect for the right to protection of personal data in all segments of life.
The common goal is to be achieved by achieving the indicator of effects of the Strategy - EU Commission Decision on Adequate Protection of Personal Data;
and by achieving the following three specific goals of the Strategy:

a) Promoted functional mechanisms for the protection of personal data;

b) Promotion of conscience on the importance of protection of personal data and manners for the accomplishment of the rights;

c) Improved system of protection of personal data in regard to the development and implementation of information communication technologies in digitalisation processes.

a) Promoted functional mechanisms for the protection of personal data

This goal is to be achieved by achieving two indicators of effects: i) enabled transfer of personal data between EU and Serbia without administrative burdens; ii) the possibility to submit a complaint related to breach of data protection rights and to track the flow of complaints electronically

This goal shall be achieved by the following measures:

Measure 1 - to be coordinated by the Ministry of Justice

  • Amendment of the Law on Personal Data;
  • Amendment of Law on Misdemeanours applying solution, which is applied in case of Commission for Protection of Competition, i.e., authorising the Commissioner to impose fines in the range as defined in GDPR;
  • Improved Criminal Code;
  • Harmonisation of sectorial laws with the Law on Personal Data

Measure 2 – to be implemented by the Commissioner

  • Opening of the new offices of the Commissioner in Nis, Novi Sad and Kragujevac (3);
  • Increased number of qualified DPOs in state bodies (300);

Measure 3 - to be implemented by the Commissioner

  • Increased number of natural persons who completed specialised education programme at university engaged by controllers and processors (3000);
  • Increased number of controllers and processors which communicated DPO contact details to the supervisory authority DPO (12000);
  • Number of controllers and processors which adopted internal documents (3000);
  • Number of controllers and processors which established register of processing activities (15000);
  • Increased number of foreign controllers and processed which have appointed representative in Serbia (100);
  • Increased number of resolved files (complaints, misdemeanour, criminal) – 100%.

b) Promotion of conscience on the importance of protection of personal data and manner for the accomplishment of the rights

This goal is to be achieved by achieving the indicator of effects - an increased number of visitors to the Commissioner's website, communication through call centres and sending e-mails, complaints, etc. (50,000 per year).

Measure 1 – to be implemented by the Ministry of Education

  • Increased number of subjects in education plans and programmes containing data protection topics and digital privacy (5);
  • Increased number of teachers trained for teaching data protection matters (2,000);
  • Increased number of subjects at universities containing data protection topics and digital privacy (20);
  • Increased number of students acquiring education in the field of data protection (50, 000)

Measure 2 – to be implemented by the National Administration Academy

  • Number of accredited educational programmes covering thematic topic of data protection (5);
  • Number of trained personnel in state administration in the data protection (1, 000);

Measure 3 – to be implemented by the Judiciary Academy

  • Number of training programmes covering thematic topic of data protection (2);
  • Number of trained judges and public prosecutors trained for data protection matters (1, 000).

Measure 4 – to be implemented by the Commissioner

  • Number of seminars and campaigns in the field of data protection (100);
  • Number of attendants at seminars and campaigns in the field of data protection (5, 000);
  • Number of specialised publications in the field of data protection (50).

c) Improved system of protection of personal data in regard to the development and implementation of information communication technologies in digitalisation processes

This goal is to be achieved by achieving two indicators of effects: i) drafting guidelines for carrying out Data Protection Impact Assessment (DPIA); ii) a percentage of software solutions for which DPIA carried out in accordance with guidelines for carrying out DPIA.

Measure 1 – to be implemented by the Office for Information Technology and eGovernment

  • Adoption of laws governing automated processing of genetic, biometric and personal data processed by usage of video and audio surveillance (2023-24)

Measure 2 – to be implemented by the Commissioner

  • Number of state bodies and legal entities engaged in processing of genetic/biometric data (10);
  • Number of natural persons specialised for processing of genetic/biometric data (50);
  • Number of state bodies and legal entities engaged in processing of personal data processed by usage of video and audio surveillance (30);
  • Number of state bodies and legal entities engaged in processing of personal data processed by usage of video and audio surveillance (30).

III Implementation of the Goals and Measures and Monitoring

The Ministry of Justice is responsible for the implementation of the Strategy and the Action Plan.

Monitoring of the implementation of measures and activities will be defined by the Action Plan and shall be carried out by the Working Group. The Working group will be formed by the Ministry of Justice within 90 days of the adoption of the Strategy and will be consisted of all relevant stakeholders processing personal data in the state administration, representatives of the

Commissioner, courts and prosecution office competent for data protection matters.

All tasks of the Working Group will be defined by the decision of the Ministry of Justice.

The Working Group is obliged to provide annual reports which will be published by the Ministry of Justice.

To measure the effects of the Strategy, the Ministry of Justice will organise three post-analysis – one at the end of 3rd year of implementation of the measures, the second in 2028 and the third one in 2030.

By Ivan Milosevic, Partner, JPM Jankovic Popovic Mitic

JPM Partners at a Glance

We are a full service commercial law firm in Serbia, with over 30 years of successful practice in SEE region and true and lasting partnerships with our clients.

Our diverse teams of lawyers are focused on practice in specific legal areas, handling some of the most high-profile multijurisdictional matters in energy, project development, mining, foreign investments, corporate and commercial. We are highly sought-after for legal advice in creative industries, environmental law and white-collar crime, as well as intellectual property, international arbitration, labor and data protection

As an exclusive member of Lex Mundi – the world’s premiere network of leading independent law firms, we interconnect and reach globally. Regionally, we advise clients in Montenegro directly, through well established partnership with ‘JPM Montenegro Partner Vukmirovic Misic law firm’ and close working relationships with selected first-rate firms in the region. Working together with our domestic and international clients on their most significant transactions and around entry to Serbian market, allows us to operate as the perfect hub for SEE and other cross-border transactions.

Our clients operate in increasingly competitive landscape and we are identifying new methods of using legal technology, to help them increase efficiency, save time and streamline work processes - document management, billing and accounting. By adopting LUMINANCE AI platform for legal professionals, we use machine-learning for contract analyses across our practice groups, as well as eDiscovery revolutionary software to simplify operations in all forms of litigation.

With exclusive access to EQUISPHERE – Lex Mundi Innovative service model, our clients can design their own legal team by choosing the best lawyers in the relevant jurisdictions, sharing documentation and communicating with all teams at any time, from a single point of contact.

Consistently recognized as a top-tier law firm, both by clients and leading independent legal directories Chambers & Partners, Legal 500 and IFLR1000, we remain committed to delivering highest quality service to our clients and help them succeed in overcoming cross-border challenges. We remain committed to continuously share our knowledge by regularly publishing articles, giving lectures and organizing international conferences.

Firm's website: http://jpm.rs/