During the month of December, the Commissioner for Information of Public Importance and Personal Data Protection conducted inspections in a great number of municipalities, metropolitan municipalities and metropolitan administrations that did not create the register of personal data protection compilations and entered those compilations in the Main Register as mandated by law.

In Commissioner's regard, the results of inspections are very worrying and confirm his belief that the state of affairs in the field of personal data protection is unsatisfactory, the belief he stated many times before.

This in mind, the Commissioner Rodoljub Sabic stated the following:

"The results of these activities are yet another confirmation of the necessity for a significantly different attitude of the state towards personal data protection. The results are very worrying, taken into consideration the fact that the scope of inspections was the fulfillment of the most basic legal requirements. It is a matter of fact that only a handful of municipalities, metropolitan municipalities and metropolitan administrations fulfilled these obligations, and that, even four years after the Law on Personal Data Protection came into force, three quarters of municipalities and cities failed to do so. The aforementioned fact speaks for itself and does not require any additional comments.

At the beginning of December, correspondence was sent to 107 municipalities, 17 metropolitan municipalities and 12 metropolitan administrations asking them to provide reasons for failing to fulfill their legal requirements. Those ones that failed to provide answers by the set deadline were served with warnings; some of them even twice. The total number of warnings was 91.

Even after the second warning, 20 or so entities failed to provide answers, which will result in the initiation of misdemeanor proceedings against the responsible individuals and is also an indicator of the attitude of certain authorities towards the Law on Personal Data Protection and legal obligations in general.

Upon receiving the correspondence from the Commissioner, the majority of inspected entities did provide answers to the posed questions, asked for help and undertook steps in order to fulfill their legal requirements. The aforementioned, as well as the content of the communication that transpired, leads us to the conclusion that the failure to fulfill the obligations is a result of inadequate knowledge of importance, content and scope of standards set by the Law on Personal Data Protection, sometimes even complete misunderstanding and lack of knowledge. This can be an explanation, but not an excuse of course. This state of affairs is a consequence of the lack of necessary educational measures conducted by other entities than the Commissioner.

The aforementioned is another opportunity for me to warn of the fact that  two years had passed from the adoption of the Personal Data Protection Strategy and the action plan for its implementation still has not been drafted - it seems as if the authorities are not planning to do so in the near future. The previously mentioned situation is bound to result in numerous negative consequences."