Support Centre

Croatia

Summary

Law: Law on the Implementation of the General Data Protection Regulation 2018 ('the Law') and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: Personal Data Protection Agency (AZOP)

Summary: Croatia implemented the GDPR in 2018 through the Law on the Implementation of the General Data Protection Regulation 2018 (the Law).

The Law implements the GDPR but also sets out additional rules on the processing of personal data in specific circumstances, such as with regard to children's consent, the processing of genetic data in relation to life insurance, and the processing of biometric data in the private sector. In addition, the Law contains extensive provisions on the processing of personal data by means of video surveillance, as well as specific requirements for the processing of personal data for statistical purposes.

The Personal Data Protection Agency (AZOP) is the supervisory authority under the Law. The AZOP is fairly active and has published numerous opinions, recommendations, and clarifications on specific data processing issues. It has also imposed a few fines, including a fine of €5.47 million on a debt collection agency for the lack of organizational and security measures and unlawful processing of data.

Insights

Article 37 of the General Data Protection Regulation (GDPR) obliges data controllers and processors to designate a data protection officer (DPO). As part of this obligation, data controllers and processors are also required to publish the contact details of the DPO and to communicate the DPO's contact details to relevant supervisory authorities. In part one of this Insight series, OneTrust DataGuidance focuses on the requirement to communicate DPO contact details to the relevant supervisory authorities, providing an overview on the rules and guidelines for DPO contact registration across Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, and Greece.

The new Electronic Communications Act (Official Gazette No. 76/22) ('the Act') entered into force on 1 July 2022, transposing Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code1. Ema Mendjusic Skugor and Marta Hren, from Divjak, Topic & Bahtijarevic, provide an overview of the changes and provisions and answer frequently asked questions ('FAQs').