SERBIA Law and Practice Contributed by: Vladimir Djeric, Katarina Radovic and Lena Petrovic, Mikijelj, Janković & Bogdanović
Initiation of New Supervision Procedures The Commissioner initiated 771 new supervision procedures: • 566 regular inspections; and • 205 extraordinary inspections; (a) 138 based on complaints; (b) 29 due to data breach notifications; and (c) 38 for other reasons. Court Proceedings Related to Commissioner’s Activities Administrative Court Cases 72 lawsuits were filed against the Commissioner before the Administrative Court. 16 lawsuits were filed by the Ministry of Inter - nal Affairs due to orders to delete personal data from their records. The Administrative Court resolved 12 lawsuits, rejecting all as unfounded. The Constitutional Court received 30 constitu - tional complaints related to the Commissioner’s decisions, but due to classification methods, it is unclear how many were about personal data protection. The Constitutional Court issued 12 rulings, rejecting all complaints. Misdemeanour responsibility The Commissioner filed ten misdemeanour requests due to violations of the PDPA, target - ing: • four cases of processing personal data con - trary to fundamental principles; • one case of processing personal data without consent; and
of data processing, as well as to order rectifica - tion of identified irregularities in data processing within a specified period of time, or to render a temporary ban on any processing carried out contrary to the provisions of the PDPA (Article 79 of the PDPA). Data processing contrary to the provisions of the PDPA represents a misdemeanour pun - ishable with a fine between RSD50,000 and RSD2 million for a legal entity, RSD20,000 and RSD500,000 for an entrepreneur, and RSD5,000 and RSD150,000 for both a natural person and the responsible person in a legal entity (Article 95 of the PDPA). 1.4 Data Protection Fines in Practice According to the Commissioner’s annual report for 2023 (the report for 2024 is not available at the moment of submission of this article) the Commissioner carried out a total of 731 inspec - tions (549 regular inspections and 182 extraor - dinary inspections). 689 cases were closed after confirming compliance with previous inspection findings, 24 cases were closed with an official note or response to the complainant, as no vio - lations of the PDPA were found. 18 cases were pursued further as misdemeanours. Violations Identified 66 cases were found to involve violations of the PDPA, leading to the following enforcement actions: • ten misdemeanour proceedings were initi - ated; • five misdemeanour orders were issued; and • 51 corrective measures (warnings) were imposed on data controllers.
374 CHAMBERS.COM
Powered by FlippingBook