As a consequence of the ECJ judgment, now widely known online as "Schrems II", the EU Commission has enacted new Standard Contractual Clauses introducing the Transfer Impact Assessment as an obligation for all data importers and exporters. This assessment is intended to show whether the government and authorities of the importing country can access the personal data that are being transferred. All organisations must align with the new Standard Contractual Clauses and prepare a Transfer Impact Assessment by 27 December 2022, so the clock is ticking. One might wonder what this has to do with companies operating in Serbia, which is not a member of the EU. But Serbian companies are impacted either as data importers or in the event of extended application of the GDPR. If you are a multinational company receiving personal data from the EU or are running a business that could fall under extended application of the GDPR, you should definitely examine this topic as soon as possible. In the extended version of this article we go into more detail about the transfer impact assessment in Serbia.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.