Serbia: Filing System Criterion
Applicability of Data Protection Law in Serbia: Filing System Criterion
The Filing System Criterion in Serbia's data protection law ensures that the law applies to the manual processing of personal data when such data is structured in a way that allows easy retrieval or access, thereby covering systematically arranged personal data on paper or other non-digital formats.
Text of Relevant Provisions
LPDP Art.3(1):
"This Law shall apply to processing of personal data which is performed, in its entirety or in a part thereof, by automated means, as well as to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."
Original (Serbian):
"Ovaj zakon primenjuje se na obradu podataka o ličnosti koja se u celini ili delimično vrši automatizovanim sredstvima, kao i na obradu koja se ne vrši automatizovanim sredstvima podataka o ličnosti koji su deo sistema evidencije ili su namenjeni da budu deo sistema evidencije."
Analysis of Provisions
The Filing System Criterion is pivotal in setting the scope of applicability of Serbia's Law on Personal Data Protection (LPDP). This criterion is defined in Article 3(1), which ensures that the law covers both automated and non-automated processing of personal data, provided that the data forms part of a filing system.
- Scope of Application:
  - LPDP Art.3(1) specifies that the law applies to "processing of personal data which is performed, in its entirety or in a part thereof, by automated means, as well as to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."
- Definition of Filing System:
  - A filing system refers to any structured set of personal data that is accessible according to specific criteria. This includes both digital and non-digital formats, ensuring comprehensive coverage of all organized personal data.
- Manual Data Processing:
  - The inclusion of manual processing under this criterion ensures that personal data stored in physical files, provided they are systematically arranged, are subject to the same data protection requirements as those processed digitally.
- Exemptions:
  - The law does not apply to processing performed by a natural person for personal or household needs, which limits its scope to protect only those data processing activities with broader implications for data privacy.
Implications
For Business
- Manual Record Compliance: Businesses must recognize that manual records, if structured in a filing system, are subject to the same regulatory requirements as automated records. This necessitates the implementation of data protection measures for physical files, including security and access controls.
- Comprehensive Data Protection: Companies must ensure compliance with LPDP across all forms of data processing. This includes establishing policies and procedures for handling personal data in both digital and manual formats to ensure they meet the standards set by the law.
- Organizational Impact: Organizations must review and potentially restructure their filing systems to ensure compliance with LPDP. This involves assessing how personal data is stored, organized, and accessed within their operations, whether in digital or physical formats.
The Filing System Criterion in Serbia’s LPDP ensures comprehensive protection of personal data by covering both automated and manual processing, reflecting the importance of consistent data protection measures across various data handling methods.