The need for this outcome arose from the growing importance of personal data protection, particularly in response to the expanding impact of new technologies. Serbia had not updated its Data Protection Strategy in over a decade, and although the Law on Personal Data Protection had been adopted six years prior, the country still lacked clear guidelines and effective enforcement mechanisms. Recognizing this gap, the SHARE Foundation actively participated in the working group responsible for shaping the new Data Protection Strategy. Our contribution was focused on aligning Serbia’s data protection standards with European regulations, with the specific goal of securing a European Commission decision that would recognize Serbia’s adequacy in personal data protection. Additionally, we advocated for stronger enforcement measures, including granting the Commissioner the authority to impose fines directly, aligning Serbia’s approach with the stricter penalties outlined in the GDPR. This strategic document was critical for enhancing both the legal framework and practical enforcement of data protection, thereby safeguarding personal rights amid rapid technological developments.
The primary beneficiaries of this result include Serbian citizens, government and regulatory bodies, civil society organizations, the private sector, and tech activists.
The SHARE Foundation’s legal team actively participated in the working group responsible for drafting the Data Protection Strategy, and we are pleased to report that, 14 years after the adoption of the first strategy (https://pravno-informacioni-sistem.rs/eli/rep/sgrs/vlada/strategija/2010/58/1) and 6 years after the enactment of the new Law on Personal Data Protection (https://www.paragraf.rs/propisi/zakon_o_zastiti_podataka_o_licnosti.html), Serbia now has a strategic document with the primary goal of ensuring “Respect for the right to personal data protection in all areas of life.”
One of the key achievements, resulting from the SHARE Foundation’s advocacy, is the inclusion of a critical indicator for measuring the success of this goal—the European Commission’s decision recognizing Serbia’s adequacy in personal data protection. Additionally, based on SHARE Foundation’s proposals, the Strategy now includes provisions for the Commissioner to impose administrative measures, which could lead to a stricter and more efficient punitive policy. Specifically, the Commissioner will have the authority to directly impose fines, bypassing the need for misdemeanor courts. These fines could exceed the previous maximum of 2 million dinars, moving closer to the penalty framework established by the GDPR.
The Strategy also acknowledges the impact of new technologies on personal data protection. In line with SHARE Foundation’s suggestions, a key element of the Strategy is the development of Guidelines for assessing the impact of data processing on personal data protection, particularly in relation to emerging technologies. Moreover, the number of software solutions developed in accordance with these impact assessments will be another important indicator for tracking the success of regulatory efforts in this field.
We are proud to note that, after 14 years since the introduction of the first strategy and 6 years following the adoption of the new Law on Personal Data Protection, Serbia has finally received a strategic document with the primary goal of ensuring “Respect for the right to personal data protection in all areas of life.” This significant milestone reflects the progress made in strengthening personal data protection in Serbia and paves the way for further advancements in line with European standards.
You can read the PERSONAL DATA PROTECTION STRATEGY for the period from 2023 to 2030 at the following link.