After two years of keen anticipation, the day on which the EU General Data Protection Regulation (GDPR) becomes effectively applicable (25 May 2018) has finally arrived.
Although GDPR is an EU regulation, its application is not limited to the companies located within the territory of the Union. On the contrary, its scope also reaches undertakings established outside the EU, provided they process personal data of individuals in the Union (Art. 3.2 GDPR).
What the above means in practice for Serbian, Montenegrin and Bosnian businesses is that, from today, the companies having/targeting clients in the EU are, most likely, under the scope of GDPR. As a consequence, those entities wanting to avoid reputational damage and the risk of being exposed to the large fines which courts in EU member states may impose for violation of GDPR, should seriously consider to:
- review and adapt their privacy/data protection policies and proceedings, to ensure that they meet the GDPR standards when it comes to personal data of people in the EU, and
- appoint a representative in the EU, where applicable under Art. 27.1 of GDPR. Read more.