Serbia marks the 40th anniversary of the Data Protection Convention

Data Protection Commissionaire Publishes a Q&A Overview of its Practice

The Serbian Data Protection Commissionaire hosted an event on 28 January, marking the 40th anniversary of the day when the Council of Europe’s data protection convention, known as “Convention 108”, was opened for signature.

Due to COVID-19 restrictions, the event was organised in the form of a webinar, and only the speakers and a handful of state authorities’ representatives were physically present.

The Commissionaire’s office used the occasion to present its new publication titled “Personal Data Protection: Commissionaire’s Positions and Opinions”. This long-awaited document contains an overview of the Commissionaire’s practice in applying the new Data Protection Law (the local GDPR counterpart), which entered into force 17 months ago. Written in Q&A form, the publication covers a number of specific issues the Commissionaire has been dealing with during this period, by performing its supervisory duties, acting upon data subjects’ complaints, and providing its interpretative opinions upon request from various parties.

As mentioned in the publication itself, the Commissionaire’s practice shows that the current Data Protection Law has numerous deficiencies and often contains unclear provisions, which warrant enacting important amendments in the future. In the meantime, the publication will likely provide valuable insight into what the Commissionaire’s position may be on different issues. However, it also raises further questions and business uncertainties, as a number of important questions have not been decisively interpreted, often due to the lack of sufficient legislative framework for the Commissionaire to rely on.

The publication of this Q&A is, without a doubt, an excellent step forward for the Commissionaire’s office, demonstrating a proactive approach in raising data privacy awareness, and sending a signal to companies that the unofficial “grace period” for getting to know their obligations is soon coming to an end. This may be a good time for companies to check the status of their data protection compliance, and to upgrade their documents and procedures, where needed.


The Commissionaire’s publication is available here (in Serbian only):





The information in this document does not constitute legal advice on any particular matter and is provided for general informational purposes only.