The new Personal Data Protection Act, which was passed last year, will begin to apply on August 21, 2019. The law imposes a number of obligations on all legal entities, especially those who operate with a large number of users and perform data processing of any kind, and prescribes harsh penalties for non-compliance with the Law. The main reason for adopting the Act is to comply with EU regulations.

The law applies in cases where the data processor having his / her headquarters, domicile or residence in the territory of the Republic of Serbia processes personal data in the scope of activities performed in the territory of the Republic of Serbia, regardless of whether the processing operations are carried out in the territory of the Republic of Serbia. Also, irrespective of the seat, residence or domicile of the data processor, the Law also applies to data processing cases where the data subjects have their place of residence in the Republic of Serbia, in two cases – in the case of supply of goods and services, and in the case of monitoring the activities of persons if the activities are carried out in the Republic of Serbia.