New Privacy Rules in the EU – Here Comes the GDPR
Illustration: Rian Johnson, director, Star Wars Episode VIII: The Last Jedi
GDPR was enacted in 2016 with the aim to enhance privacy protection of EU residents. It particularly focuses on the new business models in the digital environment, contemporary risks of misuse of personal data, and the widespread cross-border flow of personal data.
GDPR affects EU residents, institutions and business primarily. However, non-EU businesses (including business registered in Serbia) that perform processing of EU residents’ data are required to comply with the GDPR. GDPR also applies to business based in Serbia offering goods or services to EU residents in the EU (irrespective of whether a payment is required), and to business performing monitoring of EU residents’ behavior, provided that it takes place in the EU.
The legal framework in the Republic of Serbia is not aligned with the GDPR: Therefore, Serbian citizens will not be able to enjoy the same level of protection of their privacy and data protection rights. We urge the Government of Serbia to enact the new Personal Data Protection Law, aligned with the GDPR, to provide effective protection of privacy rights of Serbian citizens.