‘The purpose of the Personal Data Protection Act (PDA) is to protect information about a person as well as having the citizens know who collects their personal data, how their data is being processed and what is being done with it’, it was stated at a conference titled ‘Presenting the Personal Data Protection Act’.

Assistant Justice Minister Čedomir Backović cautioned that personal data nowadays had commercial value and that citizens needed to be certain about who was collecting their data. ’There is insufficient general awareness that citizens have the right to know who collects their data and how their data is being processed. The PDA serves to raise this awareness and the timing to introduce the PDA is right’, Mr Backović commented. He also noted that the relevant institutions had spent nine months preparing for the enforcement of the new statutory measures of personal data protection.

Mr Backović appealed to all actors who played a part in applying the PDA, either by way of monitoring or direct application, to make maximum effort. He stressed, however, that the purpose of the statute was not to penalise anyone, but to protect citizens’ data in the best way possible. He believed that everyone would slowly, but surely become acutely aware of the need to handle citizens’ personal information with due care. He added that the Commissioner for Information of Public Importance and Personal Data Protection would monitor the application of the PDA.

Zlatko Petrović from the Office of the Commissioner for Information of Public Importance and Personal Data Protection stated that the PDA, on the one hand, brought new rights to natural persons, and on the other, imposed many obligations on the data controllers and processors who handled data directly. ’We were obliged to harmonise our legislation with the European Union standards of personal data protection. The new PDA has been adopted and in force for over a month. The Commissioner has already initiated several monitoring procedures under the PDA. Furthermore, the PDA obliges the Commissioner to keep a record of persons tasked with applying the PDA’, Mr Petrović explained.   

Jelena Jovanović from the Serbian Chamber of Commerce noted that the PDA was complex and that it affected all commercial entities in Serbia with its high demands on Serbia’s business owners and those in the EU. ’A lot of work is required in order to decide how natural persons would be notified, how their personal data would be collected and processed, whether data may be processed and how data is to be kept. Every commercial entity has personal information about their employees, so we must know who inside each commercial entity had access to such information and what is being done with it’, Ms Jovanović stressed. She added that every natural person must give consent to its personal information being used and must know the purpose of the use.                                                                 

Professor Saša Gajin at the Law Department of the University Union in Belgrade presented the new PDA at the conference, following which two additional discussion panels were held: ’Consolidating Sectoral Regulations with the PDA’ and ’Application of the PDA and accompanying bylaws’.