Data Protection Regulation in Bosnia and Herzegovina
What should you know about the new Data Protection Regulation (GDPR)?
We are only two months away from the most comprehensive change in European data protection policy in the last few decades. When the EU's General Data Protection Regulation (GDPR) enters into force in May 2018, it will replace the existing EU Data Protection Directive and all national laws that were adopted with it, raising regulatory data protection standards in BiH and throughout the region.
From May 2018, this Regulation applies in all EU Member States, but it also applies to all legal entities in BiH that work with the data of EU citizens and to BiH companies operating in the EU.
What is the General Regulation on the Protection of Personal Data (GDPR)?
The GDPR, or the General Regulation on the Protection of Personal Data, is a complex law that brings many novelties and changes how the personal data of individuals is worked with and handled.
The purpose of this Regulation is to unify the existing legal frameworks into one complete set of rules at the level of the entire European Union. The implementation of the directive will begin on May 25, 2018, and that date also marks the final deadline for adjusting all processes and information systems.
Personal data
Personal data are all data describing an individual whose identity has already been established or can be determined on the basis of the data collected. Personal data include, among other things, the name, surname, identification number, image, voice, address, phone number, IP address, medical history and a list of favorite literature or songs, if such data can lead to the direct or indirect identification of an individual.
GDPR will completely change the way in which personal data are collected, used, processed and stored, and it puts the protection of individuals' personal data first. One of the novelties of GDPR relates to the way in which users grant permission / consent to the collection and use of their personal data: the conditions must be written simply and comprehensibly, with a clear explanation of the purposes for which personal data are collected. Also, just as users will be able to give consent to data collection easily, they will be able to withdraw that consent just as quickly and easily; that is, they have the right to be "forgotten" and to ask for the collected data to be deleted.
Personal data must be kept in a form that allows the identification of data subjects only for as long as is necessary for the purposes for which the personal data are processed. Exceptions are personal data that will be processed exclusively for archival purposes in the public interest, for the purpose of scientific or historical research, or for statistical purposes, which must be adequately secured in accordance with GDPR.
As the Regulation applies to all legal entities in BiH that work with the data of EU citizens and to BiH companies operating in the EU, the Collective Group, within which the Employment Agency Jobbing and Posao.ba also operate, is required to make certain changes to its business and to the way candidate data are collected and shared.
First, this means that we are obliged to sign contracts with our clients that include the client's obligation to assume responsibility for the data it takes from our company and stores in its online or offline archives, and to ensure maximum protection of the downloaded data. Also, if a candidate asks for the deletion of his / her data, we will be obliged to delete those data permanently, which means that these data will no longer be available to us or to the client. According to current estimates, such situations should occur only rarely in practice, but we are obliged to inform clients of this possibility. Penalties for non-compliance with the provisions of the GDPR can amount to up to 20 million euros.
We are currently in the process of aligning our business with GDPR. We will notify you in a timely manner about all processes that relate to your business.