Due to great interest in the topic of the entrepreneurs, the Agency is organizing another event on Wednesday, May 24, 2023, entitled “5 years of GDPR application: problems, solutions, fines and examples of good practice”, this time in cooperation with Croatia Employers’ Association (CEA), at the address Radnička cesta 37a, 10000 Zagreb, starting at 10:00 a.m.

This event is organized by the Agency and Croatian Association of Employees on the occasion of the 5th anniversary of the General Data Protection Regulation (GDPR), a legal regulation that has been directly applicable throughout the European Union since May 25, 2018, and which has been a turning point in the field of personal data protection and significantly changed awareness of the importance of personal data protection for business entities and individuals.

This is an activity within the EU funded project ARC2, which the Croatian Personal Data Protection Agency implements together with Italian Data Protection Authority (Garante Privacy), Faculty of Organisation and Informatics, Varaždin, Vrije University Bruxelles and University of Florence, with the aim of providing support to micro, small and medium-sized enterprises in harmonizing business processes with legal regulations on data protection.

The goal of the General Data Protection Regulation is to protect the personal data of natural persons, enable citizens to gain control over their personal data and create a high and uniform level of personal data protection in the European Union.

The General Data Protection Regulation determines the rights of individuals, and accordingly, the obligations of entities that process personal data. The General Data Protection Regulation must be implemented by all business entities that collect, store and in any way process personal data of Croatian citizens and citizens of the European Economic Area.

Also, on the 5th anniversary of the GDPR what we especially want to highlight is that all the organizations that process personal data must be aware of the rights of individuals regarding the processing of their personal data and enable them to exercise their rights.

Numerous of supervisory and educational activities carried out by the Agency have clearly shown that the level of compliance with the data protection legislative framework in the Republic of Croatia is not at a satisfactory level. The Agency continuously provides support primarily to personal data protection officers and micro, small and medium-sized entrepreneurs trough EU projects ARC and ARC2.

It is the last moment for companies, public authorities, and all data controllers/processors to realize that the deadline for adaptation has long passed and that after 5 years from the beginning of the full application of the GDPR, lack of information and ignorance cannot be a justification and excuse for violating the fundamental rights of Croatian and European citizens.

Furthermore, on this occasion, the Agency wishes to emphasize the key role of data protection officers in the personal data protection system, who are often the weakest link.

With adequate knowledge in the field of personal data protection, employees must have a good knowledge of the business processes of the organization in which they work, continuously educate themselves, and at the same time educate the employees in the organization in which they work as employee.

The aim of this event is to provide data controllers and processors and personal data protection officers with the latest trends and examples of good practice in the field of personal data protection, to share with AZOP experts the problems they face during the application of GDPR, and hopefully with their support and solutions raise the level of compliance in their organizations to a higher level.

The Agency points out that investment in personal data protection and information security for quite some time has not been an investment that is only necessary and desirable but has become an investment that is indispensable and crucial for successful business.

GDPR is here to stay, and data protection will play an increasingly important role in the context of big data and artificial intelligence, as we all could witness the example of the ban of Chat GPT whose use was banned by the Italian supervisory authority due to violation of GDPR provisions

The number of the participants at this event is limited, so we invite all interested representatives of data controllers/processors to apply for participation as soon as possible via the registration form no later than May 22, 2023, at 12 a.m. Participation is free, and registration is required.

If you have questions that you would like to ask the lecturers or suggest topics for discussion, please submit them via the registration form.



10:00 – 10:10 Introductory speeches

Irena Weber, CEO of the Croatian Employers’ Association

Igor Vulje, Deputy Director of the Personal Data Protection Agency


10:10 – 10:20 Presentation of the ARC2 project

Iva Nappholz, legal advisor for projects and support to branch associations from the Croatian Association of Employers, member of the Advisory Board of the ARC2 project

10:20  – 11:10 “Harmonizing business processes with GDPR: where do organizations make the most mistakes?”

Marko Trošelj, Head of the Department for International Data Transfers and Compliance Mechanisms, Personal Data Protection Agency

11:10  – 12:10 “Supervisory and investigative activities of AZOP: what you need to know and how to prepare?”

Siniša Kovačić, Head of the Service for Supervision, Investigations, Technologies, and Security

12:10 – 13:00 BREAK

13:00 – 14:00 “Fines for violators of the GDPR and the Act on the Implementation of the General Data Protection Regulation: the practice of AZOP and the EU supervisory authorities for data protection”

Antonio Katavić, Senior Advisor Specialist, Agency for Personal Data Protection