On the occasion of the International Day for the Protection of Personal Data, the Ministry of Justice stated that personal data were protected in the same manner as in other EU countries owing to the new Personal Data Protection Act, which entered into force in August 2019. In practice, this means that public authorities, health institutions, banks, schools, faculties, retail chains and other entities process the personal data of citizens applying the same rules as in Europe.
Personal Data Protection Act regulates the protection of personal data of citizens, such as name, residence address, e-mail address, registration number, health status, property status and other data and determines rules regarding the processing of such data. Citizens have the right to get acquainted with all aspects of the use of their personal data, they can request and receive notification of the processing of their data that the public authority or other processor possesses. They also have the right to access the data, as well as the right to be issued a copy of the data kept about them, etc. Consent to data processing can only be voluntary, and the Act provides for the protection of citizens in proceedings before the Commissioner for the Protection of Personal Data and the courts of law.
The competences of the Commissioner for Personal Data Protection have been expanded, who now supervises data protection implementation, acts on complaints, performs inspections through authorised persons, monitors and permits the exporting of data out of the Republic of Serbia, alerts to abuses in data collection, and performs international cooperation activities.
By adopting this Act, which was one of the preconditions for the conclusion of the Cooperation Agreement between Serbia and EUROJUST, Serbia has fully harmonised its legislation with the relevant EU regulations and directives in this field, thus taking another step forward on the path to a full EU membership.