The security of personal data is currently one of the hot topics in the global media because of the increasing number of personal data breaches among the world's most famous companies. Below you will find crucial information about the regulations on personal data protection.


In Serbia, personal data security is regulated by the Law on Personal Data Protection (the “Law”).

Depending on the size of the company and the risk of personal data exposure within it, both the processor and the controller are required to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, among other things and as appropriate:

– the pseudonymization and encryption of personal data;
– the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
– the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
– a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

In accordance with the Law, in case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, the Commissioner for Information of Public Importance and Personal Data Protection, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Also, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

To conclude, in modern times the protection of personal data is taken very seriously, given the constant increase in hacker attacks and theft of personal data. The GDPR in the EU, as well as the Law in Serbia, stand as a legal barrier to malicious attempts to steal personal data and prescribe many obligations for legal entities regarding this protection.

If you have any questions about this matter, we encourage you to contact BOPA for more information.