Karanović & Nikolić: GDPR Ante Portas!
April, 2018 - Belgrade, Serbia
On Thursday, 12 April, Karanović & Nikolić organised a presentation on the European Union's General Data Protection Regulation (GDPR). This briefing was intended for employees of legal and HR departments in various Serbian companies, who had a unique opportunity to learn more about this regulation, which will come into force on 25 May this year.
Our experts in the field of data protection rights elaborated on the frequently asked questions about GDPR: in which cases GDPR applies to Serbian companies, what measures should be taken to harmonise business and avoid the draconian penalties that this regulation provides for (up to 4% of the global annual turnover), and what could be its impact on domestic regulations in this area. In addition, the presentation included a review of the Slovenian experience with GDPR, as well as the measures undertaken by Slovenian companies in order to comply with this regulation.
GDPR is intended to apply to companies founded in the European Union, in the context of their activities on EU territory. However, it can be interpreted in such a way as to apply not only to companies with formal headquarters in the EU, but also through other forms of market presence by which they effectively conduct their activities on EU territory.
In that sense, GDPR will not be formally applicable to companies founded outside the EU – including Serbian companies. However, there are certain exceptions to this rule: GDPR will apply to those companies as well if they process personal data belonging to individuals in the EU, provided that such processing is connected to:
Offering goods and services to those individuals in the EU (e.g. clothes, software, cloud services etc.); or,
Monitoring their behaviour to the extent that behaviour occurs on EU territory (e.g. the use of website cookies to monitor consumer online behaviour etc.).
This regulation will also influence strongly numerous companies in Serbia that are not formally obliged to implement it, including in particular the ones providing data processing services to EU companies. Also, the new draft Serbian Law on Data Protection incorporates most of the solutions offered by GDPR, meaning that at a certain point in time GDPR standards will become part of Serbian legislation – and thus be applicable to all domestic companies.
The presentation was held by attorneys at Law in cooperation with Karanović & Nikolić, Goran Radošević, Sanja Spasenović and Jaka Simončič.
