New Implementation of the GDPR Law in Croatia

January 18, 2022 | 4 minutes read
New Implementation of the GDPR Law in Croatia

Croatia’s Law on the Implementation of the General Data Protection Regulation 2018 is a data protection law that was recently enacted in 2018. As Croatia is a member of the European Union, the Law on the Implementation of the General Data Protection Regulation 2018 implements the provisions of the EU’s GDPR law into Croatian law, as the name of the legislation suggests. To this point, the Law on the Implementation of the General Data Protection Regulation 2018 establishes the legal framework that must be followed when the personal data of Croatian citizens is collected or processed, as well as the penalties that can be imposed as a result of violating the rights of said citizens.

What are the variations between the Law on the Implementation of the General Data Protection Regulation 2018 and the EU’s GPDR law?

Croatia’s Law on the Implementation of the General Data Protection Regulation 2018 varies from the EU’s GDPR law in certain respects as it pertains to the obligations of data controllers and processors. This is particularly true as it pertains to the collection and processing of special categories of personal data. For example, the “processing of genetic data for the calculation of the risk of disease and other health aspects of data subjects within the framework of activities for the conclusion or execution of life insurance contracts and contracts with clauses on survival shall be prohibited.” Alternatively, as it relates to biometric data processing, “public authorities may process biometric data only if laid down by law and necessary to protect persons, property, classified data, or professional secrets, taking into consideration that interests of data subjects which are contrary to the processing of biometric data from this Article should not prevail.”

Moreover, Croatia’s Law on the Implementation of the General Data Protection Regulation 2018 also mandates that certain restrictions are adhered to with respect to personal data that is collected via video surveillance. As stated in the law, the “processing of personal data by video surveillance may be carried out only for a purpose that is necessary and justified for the protection of persons and property, unless interests of data subjects that are contrary to the processing of personal data by video surveillance prevail.” Furthermore, the law also states that “video surveillance may cover premises, parts of premises, the outer surface of the building, as well as internal spaces in the means of public transportation, the surveillance of which is necessary to achieve the purpose referred to in paragraph 1 of this Article.”

What are the rights of Croatian citizens under the Law on the Implementation of the General Data Protection Regulation 2018?

Under Croatia’s Law on the Implementation of the General Data Protection Regulation 2018, the rights that are provided to Croatian citizens are largely the same as those offered to citizens residing within other EU member states. Such rights include but are not limited to the right to be informed of pertinent information concerning the processing of their personal data, the right to access any personal data pertaining to them that has been collected, processed, or disseminated, the right to request that their personal data be rectified or erased if said information has been found to be inaccurate, and the right to data portability. Additionally, the Law on the Implementation of the General Data Protection Regulation 2018 also provides Croatian citizens with the right to “to lodge a complaint in his name and to exercise in his name the rights referred to in Articles 77, 78, and 79 of the General Data Protection Regulation.”

To this end, Croatia’s Law on the Implementation of the General Data Protection Regulation 2018 is enforced by the Croatian Personal Data Protection Agency, or the Agency for short. As such, the Agency has the authority to impose a variety of fines and administrative sanctions against data controllers and processors within Croatia who are found to have violated the law, in accordance with the provisions of the EU’s GDPR law. Such sanctions and fines include:

The enactment of Croatia’s Law on the Implementation of the General Data Protection Regulation 2018 ensured that the provisions of the EU’s GDPR law would be fully implemented into Croatian law. As such, Croatia has joined the litany of other nations around the world that has sought legislative measures for the purposes of protecting the personal data and privacy of their respective citizens. Through the advent of such legislation, Croatian citizens have multiple avenues of recourse should they feel as though their rights have been infringed or otherwise violated, as the provisions of Croatia’s Law on the Implementation of the General Data Protection Regulation 2018 allow for steep punishments to be imposed against parties who fail to comply with the law.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »