On the occasion of the fifth anniversary of the General Data Protection Regulation (GDPR), a legal regulation directly applicable in the EU since 25 May 2018, the Agency in cooperation with the Croatian Employers’ Association, organised a consultation “5 years of application of the GDPR: Problems, Solutions, Fines and Good Practices” on Wednesday 24 May 2023.

The ARC2 team informed SMEs about the latest trends and examples of good, but also bad practices in the field of personal data protection. At the same time, it was also an opportunity for entrepreneurs to share the problems encountered in the application of the General Data Protection Regulation and, with the support of experts from the Croatian Personal Data Protection Agency find solutions for their compliance hurdles.

In his opening speech, Deputy Director Igor Vulje stressed that the Agency as a supervisory authority is not the primary repressive body, although the fines are always in the center of public and media attention. “We are also dedicated to our advisory role and we are very actively engaging with SMEs and other data controllers to understand their issues and help them to understand their obligations. Our goal is to help all stakeholders, to make them aware because awareness of the problem or need is the first step to finding solutions, thus eliminating problems and reducing risks. However, after five years of application of the General Data Protection Regulation, lack of information and even ignorance on how to align business processes with the data protection legal framework, can no longer be an excuse,” said the Deputy Director.

This consultation is an activity within the EU project ARC2 implemented by the Agency with the aim of supporting micro, small and medium-sized enterprises in aligning business with data protection legislation.  Iva Nappholz, Legal Advisor for Projects and Support to Branch Associations from the Croatian Employers’ Association, member of the Advisory Board in project ARC2, presented the expected results and goals of the project.

Topics of the consultation were fines for breaches of the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation, aligning business processes with the GDPR, discussion on where organisations make the mistakes and how to fix them; technical and organisational measures for data protection and how to prepare for the Agency’s supervisory and investigative activities.

During June 2023 the Agency is planning to conduct various educational activities and invites all the SMEs to participate. More information can be found at: https://arc-rec-project.eu/dogadanja/ .