PERSONAL DATA PROTECTION

The Ječmenica law office intensively deals with the protection of personal data. Our lawyers have undergone professional training and attended seminars in this field. This is an area that is still in its infancy in our country, and its actuality is dictated above all by the adoption of the European Union Regulation on the Protection of Personal Data, better known as GDPR . In our country , the Law on Personal Data Protection (“Official Gazette of RS, No. 87/2018) has been amended, which is the main source of law in this area, while its legal solutions are inspired by the GDPR.

This legislative trend has placed an imperative on domestic legal entities, which process personal data, to harmonize the processing of this data with the requirements of the Legislator and thus avoid large fines . Accordingly, the protection of personal data appears as a very important issue for modern business.

Personal data are all data related to a natural person, through which his identity is determined or can be determined , such as: name and surname, e-mail address, social security number, phone number, IP address, physical characteristics, physiological characteristics, cultural identity, etc. On the other hand, under “personal data processing” we consider any procedure or set of procedures , regardless of whether they are automated or non-automated, such as: collection, recording, structuring, recording, modification, inspection, disclosure by transfer, dissemination or making available in another way, restriction, deletion, etc.

Legal entities that in their business need to process personal data of individuals are called processors . When processing personal data, handlers must respect the basic principles proclaimed by the Personal Data Protection Act, namely: the principle of legality, the principle of honesty and transparency, the principle of limitation in relation to the purpose of processing, the principle of data minimization, the principle of accuracy, the principle of storage limitations and the principle of integrity and confidentiality. Adherence to these principles is a litmus test of the extent to which each controller has aligned the processing of personal data with the Personal Data Protection Act. The meaning of these principles is to set the imperative for each operator to process data for a specific purpose , in accordance with a valid legal basis, whereby they will be able to process only the most necessary data , while individuals will have the right to be informed about the data being processed.

The Law on the Protection of Personal Data foresees several possible legal bases for the processing of personal data of individuals: a) consent – e.g. filling out the newsletter in order to send advertising material; b) execution of the contract with the person to whom the data refer – e.g. leaving data in order to make a purchase via online stores; c) fulfillment of legal obligations of the operator – e.g. the employer is obliged to inform the RF PIO of the data on the earnings of employees for the purpose of paying taxes and contributions; d) protection of vital interests of individuals to whom the data refer – e.g. The hospital collects data on a life-threatening patient; e) processing is necessary for the purpose of performing tasks in the public interest; f) overriding (legitimate) interests of the operator – e.g. collecting data to discover the habits of its customers.

Our law office provides legal entities with a comprehensive service in the field of legal protection of personal data:

• Analysis of all existing processing of personal data and legal advice on how to comply with the law
• Creation of the Notice on the processing of personal data (privacy policy)
• Production of all types of records of personal data processing activities (employees, business partners, clients, etc.)
• Drafting of adequate Regulations on the protection of personal data
• Creation of the Statement of Consent to the Processing of Personal Data
• Development of a model of Response to the requests of individuals in connection with exercising the right to access, correct and delete personal data
• Drafting of all other internal acts at the employer