Data Protection Act Principles for Business Managers

Data Protection Act Principles for Business Managers

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The rising importance of data protection practice inevitably affects even those who intentionally want to ignore it. There is already an infinite quantity of material about the new data protection regime. The practice is getting richer every day, which makes the interpretation of the existing legislation even more complex. As in other areas of law, there are no shortcuts. It is not possible to read from one specific source and to immediately get to the point of at least general understanding.

Still, there is a smart approach for non-experts which can help a lot in the preliminary estimation of compliance with the Serbian Data Protection Act (“SDPA”).

As in the General Data Protection Regulation (widely known as GDPR), principles envisaged by the SDPA are straightforward. These principles are at the heart of the SDPA. They set the spirit of the data protection regime in Serbia.

If your company’s data protection practice follows the logic of the six principles, it means that you may be on the right track.

On the contrary, if your company is not compliant with these principles, it means that you certainly need to work on your data protection practice.

Six SDPA key principles are:

  1. Lawfulness, fairness, and transparency;
  2. Purpose limitation;
  3. Data minimization;
  4. Accuracy;
  5. Storage limitation;
  6. Integrity and confidentiality.

The business manager faced with a question about whether their company data protection practice is doing a good job, may firstly to go through the six key questions based on the above-mentioned principles.

So, personal data should be:

  • processed in a lawful, fair and transparent manner;
  • collected with the lawful purpose and processed in line with that purpose;
  • limited to what is necessary and with respect to the purpose;
  • accurate and kept up to date;
  • kept for no longer than is necessary for the respective purpose;
  • processed in a manner that ensures the security and integrity of the data.

Principles are not to be used as a quick test. Yet, knowing principles help non-lawyers to understand the logic behind the Serbian data protection regime.

This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.

By Milos Velimirovic, Partner, and Katarina Zivkovic, Senior Associate, Samardzic, Oreski & Grbovic