Skip to main content
NOPE
In Effect Law Data Protection

Serbia PDP Law

Law on Personal Data Protection

Serbia's GDPR-aligned data protection law with profiling safeguards and DPIA requirements.

Jurisdiction

Serbia

Enacted

Aug 21, 2018

Effective

Aug 21, 2019

Enforcement

Commissioner for Information of Public Importance and Personal Data Protection

GDPR-aligned

Serbian Data Protection Commissioner

Why It Matters

Serbia's GDPR-aligned framework with profiling safeguards creates compliance pathway for AI chatbot platforms serving Serbian users with automated risk assessments.

At a Glance

Applies to

AI CompanionMental Health AppGeneral Chatbot

Who Must Comply

  • Data controllers and processors in Serbia
  • Entities processing data of Serbian residents
  • Automated profiling and decision-making systems

Obligations fall on:

Safety Provisions

  • Profiling and automated processing safeguards
  • Data Protection Impact Assessment required
  • Breach notification to Commissioner
  • Right to object to automated decisions
  • Cross-border transfer restrictions

Compliance & Enforcement

Penalties

Fines and administrative sanctions

View on map

Serbia

Focus Areas

Mental health & crisis
Algorithmic accountability

Cite This

APA

Serbia. (2018). Law on Personal Data Protection.

Related Regulations

In Effect RS

Serbia AI Ethics Guidelines

Serbia's non-binding AI ethics guidelines establishing explainability, accountability, and transparency principles.

In Effect CH

Switzerland FADP

Switzerland's revised data protection law with Article 21 automated decision transparency requirements, human review rights, and fines up to CHF 250,000.

In Effect PT

Portugal Digital Rights Charter

Portugal's Charter of Digital Rights with Article 9 requiring AI to respect fundamental rights and establishing algorithmic auditability principles.

In Effect EU

GDPR

Foundational EU data protection law with direct AI enforcement precedent. Article 22 restricts automated decision-making; Article 9 classifies mental health data as special category requiring explicit consent; Article 8 sets children's consent thresholds (13-16 by member state).

In Effect AT

Digital Austria 2.0

Austria's digital sovereignty framework establishing Sovereignty Compass for AI audits and mandatory Digi-Check for all legislation.

In Effect AT

Austria AI Service Center

Austria's national AI authority established within RTR (Rundfunk und Telekom Regulierungs-GmbH) for EU AI Act market surveillance coordination.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.