Urgent – Standard Contractual Clauses Have Been Adopted
Urgent – Standard Contractual Clauses Have Been Adopted

Katarina Živković
Senior Associate

Dragan Martin
Associate
Commissioner for Information of Public Importance and Personal Data Protection has issued long-awaited Decision on Determining Standard Contractual Clauses which will enter into force on 30 January 2020.
These Standard Contractual Clauses (hereinafter: “SCCs”) consist of rights and obligations which regulate relations between the controller and processor of personal data and their main purpose is to ensure a sufficient protection of data that is being transferred internationally.
When to use SCCs
Both General Data Protection Regulation and Serbian Act on Personal Data Protection require the relations between controller and processor to be regulated by contract or other legal act in such a way that personal data remains protected at all times, regardless of whether the controller and processor transfer data domestically or internationally.
However, as per Serbian Act on Personal Data Protection, if personal data is being transferred to a third country or international organization for which the Serbian Government has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question does not ensure an adequate level of protection, such transfer shall be subjected to prior authorization from the Commissioner for Information of Public Importance and Personal Data Protection, unless appropriate safeguards are provided and that enforceable data subject rights and effective legal remedies for data subjects are available. One of the ways to provide appropriate safeguards and circumvent the prior approval procedure is to incorporate SCCs into contracts between the controller and the processor on the condition that they are incorporated in their entirety. In that way, it shall be considered that the appropriate safeguards are ensured.
To summarize, SCCs should be incorporated into every contract between the controller and the processor if the personal data is being transferred to a country, territory, one or more specified sectors of the country or international organization that according to a decision of Serbian Government does not ensure an adequate level of protection for personal data.
This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.
Contact:
Katarina Živković , Senior Associate
katarina.zivkovic@sog.rs
Dragan Martin, Associate
dragan.martin@sog.rs
OTHER NEWS
The New Serbian Legal Framework for Internships to Be Adopted
At the end of 2021, a public debate was held in the National Assembly on the Draft Law on Work Practice. The Draft itself is a reaction to relatively unfavourable basic labour market indicators, which predict that young people in Serbia lag behind their peers in...
NFTs in the Light of Trademark Law
Recently, non-fungible tokens (“NFTs”) have become the subject of significant public attention, primarily due to the high amounts of money allocated for their purchase. For example, it is estimated that the worth of the global NFT market in 2021 was about 41...
What Is a Data Protection Officer (DPO)?
Data Protection Officer (“DPO”) is a person overseeing a company’s data protection strategy and implementation in order to ensure compliance with General Data Protection Regulation (“GDPR”) requirements. Any company that processes or stores personal data is...
Let's connect
Let us know how we can help you and your business.