Urgent – Standard Contractual Clauses Have Been Adopted

January 27, 2020

Urgent – Standard Contractual Clauses Have Been Adopted

January 27, 2020

Katarina Živković

Katarina Živković

Senior Associate

Dragan Martin

Dragan Martin

Associate

Commissioner for Information of Public Importance and Personal Data Protection has issued long-awaited Decision on Determining Standard Contractual Clauses which will enter into force on 30 January 2020.

These Standard Contractual Clauses (hereinafter: “SCCs”) consist of rights and obligations which regulate relations between the controller and processor of personal data and their main purpose is to ensure a sufficient protection of data that is being transferred internationally.

When to use SCCs

Both General Data Protection Regulation and Serbian Act on Personal Data Protection require the relations between controller and processor to be regulated by contract or other legal act in such a way that personal data remains protected at all times, regardless of whether the controller and processor transfer data domestically or internationally.

However, as per Serbian Act on Personal Data Protection, if personal data is being transferred to a third country or international organization for which the Serbian Government has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question does not ensure an adequate level of protection, such transfer shall be subjected to prior authorization from the Commissioner for Information of Public Importance and Personal Data Protection, unless appropriate safeguards are provided and that enforceable data subject rights and effective legal remedies for data subjects are available. One of the ways to provide appropriate safeguards and circumvent the prior approval procedure is to incorporate SCCs into contracts between the controller and the processor on the condition that they are incorporated in their entirety. In that way, it shall be considered that the appropriate safeguards are ensured.

To summarize, SCCs should be incorporated into every contract between the controller and the processor if the personal data is being transferred to a country, territory, one or more specified sectors of the country or international organization that according to a decision of Serbian Government does not ensure  an adequate level of protection for personal data.

 

This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.

Contact:

Katarina Živković , Senior Associate
katarina.zivkovic@sog.rs

Dragan Martin, Associate
dragan.martin@sog.rs

OTHER NEWS

The New Serbian Legal Framework for Internships to Be Adopted

The New Serbian Legal Framework for Internships to Be Adopted

 At the end of 2021, a public debate was held in the National Assembly on the Draft Law on Work Practice. The Draft itself is a reaction to relatively unfavourable basic labour market indicators, which predict that young people in Serbia lag behind their peers in...

read more
NFTs in the Light of Trademark Law

NFTs in the Light of Trademark Law

 Recently, non-fungible tokens (“NFTs”) have become the subject of significant public attention, primarily due to the high amounts of money allocated for their purchase. For example, it is estimated that the worth of the global NFT market in 2021 was about 41...

read more
What Is a Data Protection Officer (DPO)?

What Is a Data Protection Officer (DPO)?

 Data Protection Officer (“DPO”) is a person overseeing a company’s data protection strategy and implementation in order to ensure compliance with General Data Protection Regulation (“GDPR”) requirements. Any company that processes or stores personal data is...

read more

Let's connect

Let us know how we can help you and your business.