Data Protection

Data privacy and protection legal team at SOG advises clients how to prepare preventive measures, response strategies, and remedies.

Data privacy and security are among the SOG’s top legal advisory priorities.

Modern Challenges to Personal Privacy

It is estimated that in the first half of 2018 alone, about 4.5 billion records were exposed as a result of data breaches, and in 2019 data breaches have run at a record pace of 3,800 publicly disclosed breaches, exposing over 4.1 billion identity records. The effects of these breaches include, among many others, direct influence on crucial democratic and social processes.

Cybersecurity, data protection, and privacy have never been a bigger concern for governments and businesses around the globe.

A small revolution in how personal data is treated in the EU happened with the introduction of the General Data Protection Regulation (GDPR), which came into force on 25 May 2018. The GDPR impact on how the markets treat personal data cannot be understated, as it affects all companies involved in any kind of processing of personal data, including many working outside of the EU. In Serbia, the far-reaching effect of the GDPR was quickly reflected in the adoption of the Data Protection Act (DPA) in November 2018, which replaced the previous outdated framework and significantly improved local data protection standards.

New legislation introduced new limits and requirements in how companies collect, process, and organize personal data, making the importance of a structured approach to implementing proper data protection mechanisms and mitigating data breach risks in everyday business increasingly relevant.

Broad-based Data Protection Practice

Data security practice is one of the SOG’s top legal advisory priorities, due to GDPR and the increased threat data breaches pose, together with the high costs related to protection from these attacks, as well as the costly consequences of data privacy non-compliance.

Our lawyers combine knowledge of information laws with experience in privacy and regulatory compliance to generate privacy policies and strategies that protect clients from current threats and minimize risk from fines. We advise on implementing GDPR and DPA, supporting clients in necessary modifications of their data protection mechanisms and infrastructure. We conduct internal privacy audits, work with clients on developing internal data protection guidelines, and provide training sessions to employees in order to familiarize them with the law and company data protection rules, as well as raise awareness about the importance of protecting personal data.

We regularly advise clients on matters such as compliance assessments, data access requests, cross-border data transfers, data processing, privacy policies, data storage, retention and destruction rules, privacy complaints, disclosure agreements, and data protection in the context of the labour law and employment relations. Our response and remedy services include investigations and litigations regarding data security breaches. We conduct thorough assessments of the type and nature of the breach and extent of the impact. Our lawyers also draft appropriate documentation, manage crisis communication, and prepare clients for potential litigation.

 As a full-service law firm, our data protection practice draws on specialists from a number of departments. We combine our experts’ knowledge from employment, finance, intellectual property, and dispute resolution, which allows us to offer a rounded approach to our clients’ data protection needs.

We also have an external team of highly experienced IT experts specialized in all segments of technical compliance with GDPR and DPA.


Miloš Velimirović

Miloš Velimirović


+381 (0) 11 3282 667

+381 (0) 63 555 156

Let's connect

Let us know how we can help you and your business.