Member Article

Lana Sarajlić, attorney-at-law in cooperation with Karanović & Nikolić, participated in a Business Briefing on 10 May, which was hosted by the American Chamber of Commerce in Bosnia and Herzegovina (BiH), on the topic of data protection developments and trends in BiH practice. Lana was accompanied as panellist by Sophie Kwasny,Head of the Data Protection Unit for the Council of Europe, as well as Samira Čampara, Assistant Director, Section for Inspections and Complaints, and Silvija Fučec, Senior Public Relations Advisor, from the Data Protection Agency of Bosnia and Herzegovina.

Ms. Kwasny opened the panel discussion by providing a brief overview of the principles laid out in the Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, which was ratified by Bosnia & Herzegovina in 2006, and the most recent efforts to modernise the convention in light of technological advancements in processing and transferring data.She continued by highlighting the capacity building efforts of the Council of Europe's Data Protection Unit throughout the region and the need for such efforts to be taken in BiH to lead the country ahead in its data protection practice.

This presentation was followed by a review of companies' obligations under Bosnia and Herzegovina's Data Protection Law by representatives from the Data Protection Agency (DPA). The need for companies to adopt a security plan for the protection of personal data, the need to run properly personal data filing systems and make relevant registrations on such filing systems with the DPA, transferring data to third parties and the regime provided for under the law for inspections and fines were discussed. The DPA indicated that given the limited awareness among BiH companies and public institutions of their data protection obligations, efforts need to be made at this stage to increase awareness of those obligations rather than penalising such entities for non-compliance.

Lana Sarajlićconcluded the panel by summarising the perspectives presented by the Council of Europe and the DPA, and raising the issue of transfers of personal data abroad and implications for Bosnian companies, as well as the need for continuous compliance of companies with the law in all aspects of personal data processing.

When the floor was opened for questions, it was not surprising that many companies from various ectors had questions for the DPA on how to comply with BiH's data protection requirements in various concrete situations.Issues that arose during the Q&A session included the new challenges to the protection of personal data imposed by cloud computing, specifics of personal data processing by financial organisations and pharmaceutical companies, challenges regarding trans-border flow of data facing telecom operators, as well as general observation on complexity of the registration requirements.