Law: Law on Protection of Personal Data 2018 (Official Gazette of the Republic of Serbia, No. 87/2018 (only available to download in Serbian here) (the Law)

Regulator: Commissioner for Information of Public Importance and Personal Data Protection (Poverenik)

Summary: The Law on Protection of Personal Data 2018 (Official Gazette of the Republic of Serbia, No. 87/2018 (only available to download in Serbian here) (the Law) entered into force on November 21, 2018, but its application started nine months from the date of its entry into force, i.e. on August 21, 2019. The Law is supplemented by decrees and rulebooks. The Commissioner for Information of Public Importance and Personal Data Protection (Poverenik) has released guidelines, frequently asked questions, and checklists related to the Law. However, notable enforcement decisions under this law by Poverenik have not yet been made. Poverenik has also issued its support in favour of Serbia ratifying the Protocol amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (the Convention 108). In addition, the Law on Information Security (No. 6/2016, 94/2017, 77/2019) (only available in Serbian here) is Serbia's comprehensive cybersecurity law and is aligned with the Directive on Security Network and Information Systems (Directive (EU) 2016/1148) (the NIS Directive).