Standard contractual clauses governing the rights and duties of data controllers and processors and data transfers out of Serbia adopted

by ZS Law

Standard contractual clauses issued by the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia, to govern the rights and duties of data controllers and processors, as provided in the Article 45 of the Serbian Law on Personal Data Protection (LPDP), as well as to provide for appropriate safeguards for data transfers out of Serbia and to third countries which do not ensure an adequate level of data protection, as provided in the Article 65 of the LPDP, were published in the Official Gazette of the Republic of Serbia No. 05/2020, on January 22nd,  2020.

The adoption of standard contractual clauses should contribute significantly to legal certainty. However, even those familiar with the EU Commission’s Decision on standard contractual clauses for the transfer of personal data to processors established in third countries (2010/87/EU), upon which the Serbian standard contractual clauses were modelled, at least partially and both in their terms and their form, should keep in mind the following:

  • standard contractual clauses cover data processing related issues only, and prescribe, in detail, the rights and duties of data controllers and processors;
  • appendices published along with the clauses, do forms integral part of the clauses;
  • while the clauses are to be concluded in writing, electronic form is also acceptable, and 
  • parties are free to include the clauses into their contracts, or use them as stand-alone contracts. However, should the parties alter or omit any of the clauses, altered or partially used clauses shall not be considered standard contractual clauses within the meaning of the articles 45 and 65 of the LPDP.

Finally, notwithstanding legal certainty, it should be said that filling up the appendices constituting the integral part of standard clauses, does require the utmost familiarity with all the rules prescribed by the LPDP. As for the transfer of data that is subject to appropriate safeguards, the standard contractual clauses significantly facilitate the legal validity of such a transfer, since their proper implementation eliminates the statutory need for Commissioner’s approval in cases of such transfer of personal data from the territory of the Republic of Serbia, to the territories not listed in the Decision on the list of states, parts of their territories or one or more sectors of certain activities in those countries and international organizations where it is considered that an adequate level of protection of personal data has been ensured. 

Should you have any questions regarding standard contractual clauses and data protection in general, feel free to contact Igor Petronijević, Associate at, or any of your regular contacts at Živković Samardžić.

You may also like