Cyber Law at Serbia
Serbia has developed a comprehensive legal framework addressing cybercrime, data protection, and cybersecurity, aligning with international standards and EU regulations.
🛡️ Data Protection Law: Law on Personal Data Protection (LPDP)
Enacted in 2018, the Law on Personal Data Protection (LPDP) closely mirrors the EU's General Data Protection Regulation (GDPR), reflecting Serbia's EU accession aspirations, The law establishes principles for data processing, rights of data subjects, and obligations of data controllers and processors
Key Provisions:
Data Subject Rights: Individuals have the right to access, correct, delete, and restrict the processing of their personal data
Data Breach Notification:Controllers must notify the Commissioner and affected individuals within 72 hours of becoming aware of a data breach;
International Data Transfers:Transfers to non-EU countries are permitted if appropriate safeguards are in place, such as binding corporate rules or standard contractual clauses
Data Protection Officer (DPO):Required for public authorities or entities engaged in large-scale processing of sensitive data
Enforcement and Penalties:
Non-compliance with the LPDP can result in fines
Legal Entities:Up to RSD 2 million (approximately EUR 16,800)
Entrepreneurs:Up to RSD 500,000 (approximately EUR 4,200)
Individuals:Up to RSD 150,000 (approximately EUR 1,275) Despite these provisions, enforcement challenges persist, and some global tech companies have been slow to appoint local representatives in Serbia
💻 Cybercrime Legislation
Serbia's Criminal Code includes several provisions addressing cybercrime, particularly in Chapter 27, which pertains to offenses against the security of computer data. Key offenses include:
Unauthorized Access Gaining unauthorized access to computer systems or data.
Data Damage Damaging, deleting, or rendering computer data or programs unusable.
Computer Fraud Engaging in fraudulent activities using computer system.
Creating Computer Viruses Developing or distributing malicious softwar.These offenses are punishable by fines or imprisonment, depending on the severity of the crime
🔐 Cybersecurity Regulation
The Regulatory Agency for Electronic Communications and Postal Services (RATEL) oversees cybersecurity in Serba.Obligations for entities include:
*Internal Security Measures: Implementing internal bylaws on the security of information and communication systems
*Incident Reporting: Mandatory reporting of incidents related to information and communication systems.
*Security Oversight: Appointing personnel or units responsible for the security supervision of information and communication systems
Serbia also has a national Computer Emergency Response Team (CERT) under RATEL, tasked with coordinating responses to cybersecurity incidents.
⚖️ International Cooperation
Serbia is a signatory to the Budapest Convention on Cybercrime, committing to harmonize its laws with international standards on cybercrime and electronic evidene However, full implementation of some protocols, such as those related to enhanced cooperation and the discovery of electronic evidence, remains pending
RELATED Blog
0 comments