The new Law on Personal Data Protection, its compliance with the EU General Data Protection Regulation (GDPR), as well as the impact of these processes on CSOs were the main topics of the online discussion organized by the Civil Society Resource Center. Freek Janmaat from the Delegation of the European Union, in his introductory speech singled out the Regulation as a document that meets the most progressive and highest legal standard for data protection. It is a response to the modern digital world and has inspired passing of other similar regulations and laws around the world.
Natasha Gaber Damjanovska, director of the Academy of Judges and Public Prosecutors, explained how our new Law on Personal Data Protection is harmonized with European regulations. She stressed that the new law is quite extensive, but it remains to be seen how the new legal framework will gradually establish appropriate practice. “Careful, detailed and meticulous work of the state bodies is needed to ensure efficient operation of the institutions, but on the other hand, a reasonable and limited intrusion into the privacy of the citizens is needed. “The question in which cases the public or private interest would prevail, seems to me quite balanced in the new law,” explained Damjanovska.
Stanko Cerin, President of the Croatian Association for Personal Data, spoke about the international experiences and challenges of implementing and complying with the GDPR. According to him, the Regulation is well written, but its application is far from consistent between different countries and data protection institutions. “Private legal entities are the ones who under the new laws have to pay large fines if they do not comply with the new rules, but on the other hand public companies and other state institutions are not liable for the same offenses,” Cerin said.
Biljana Volceska, from the Agency for Personal Data Protection, clarified the role of this institution and the increased competencies it has after the adoption of the new law. The agency has drafted 13 bylaws related to data security, data transfer to third countries, lists of high-risk operations, etc.
Representatives of several associations working in this field spoke about the CSOs’ role in data protection.
Submitting complaints to the Agency for Personal Data Protection has been a citizen’s right so far, but for the first time this year, the association “Privacy” is given the opportunity to contribute to translating the law into reality. Dimitar Gjeorgjievski, president of “Privacy”, says that any entity can approach the association without any formal way and authorize it to represent it on the issue of violation of their rights in relation to this law.
Actually, the discussion at the end of the event confirmed the recommendations of this analysis, as the participants requested a simplified Guide according to which they will be able to adjust the internal policies of their organisations and work in accordance with the new law.