In Effect Law Data Protection Context Relevance

Serbia PDP Law

Law on Personal Data Protection

Serbia's GDPR-aligned data protection law with profiling safeguards and DPIA requirements.

Jurisdiction

Serbia

Enacted

Aug 21, 2018

Effective

Aug 21, 2019

Enforcement

Commissioner for Information of Public Importance and Personal Data Protection

GDPR-aligned

What It Requires

Transparency

Must disclose AI nature, data practices, or algorithmic decisions

User Rights

Must honor access, correction, and deletion requests

Who Must Comply

This law applies to:

• Data controllers and processors in Serbia
• Entities processing data of Serbian residents
• Automated profiling and decision-making systems

Capability triggers:

● profiling (required)

◐ automatedDecisionMaking (increases)

● Required ◐ Increases applicability

Who bears obligations:

Data Controller Data Processor

Safety Provisions

• Profiling and automated processing safeguards
• Data Protection Impact Assessment required
• Breach notification to Commissioner
• Right to object to automated decisions
• Cross-border transfer restrictions

Enforcement

Enforced by

Commissioner for Information of Public Importance and Personal Data Protection

Penalties

Fines and administrative sanctions

Primary Source

Serbian Data Protection Commissioner (opens in new tab)

https://www.poverenik.rs/en/

Quick Facts

Binding: Yes
Mental Health Focus: Yes
Child Safety Focus: No
Algorithmic Scope: Yes

Why It Matters

Serbia's GDPR-aligned framework with profiling safeguards creates compliance pathway for AI chatbot platforms serving Serbian users with automated risk assessments.

Cite This

APA

Serbia. (2018). Law on Personal Data Protection. Retrieved from https://nope.net/regs/rs-pdp-law

BibTeX

@misc{rs_pdp_law,
  title = {Law on Personal Data Protection},
  author = {Serbia},
  year = {2018},
  url = {https://nope.net/regs/rs-pdp-law}
}

Related Regulations

In Effect RS • AI Safety

Serbia AI Ethics Guidelines

Serbia's non-binding AI ethics guidelines establishing explainability, accountability, and transparency principles.

In Effect CH • Data Protection

Switzerland FADP

Switzerland's revised data protection law with Article 21 automated decision transparency requirements, human review rights, and fines up to CHF 250,000.

In Effect PT • Data Protection

Portugal Digital Rights Charter

Portugal's Charter of Digital Rights with Article 9 requiring AI to respect fundamental rights and establishing algorithmic auditability principles.

In Effect EU • Data Protection

Foundational EU data protection law with direct AI enforcement precedent. Article 22 restricts automated decision-making; Article 9 classifies mental health data as special category requiring explicit consent; Article 8 sets children's consent thresholds (13-16 by member state).

In Effect AT • AI Safety

Digital Austria 2.0

Austria's digital sovereignty framework establishing Sovereignty Compass for AI audits and mandatory Digi-Check for all legislation.

In Effect EE • AI Safety

Estonia Kratt Plan

Estonia's €85M AI and Data Action Plan establishing safety testing framework and human-centered AI deployment principles.

Back to all regulations Check if this applies to you