Since Serbia is not an EU Member State, the GDPR is not directly applicable in Serbia, yet the Serbian Parliament recently passed its own data protection law. It is not only applicable to data controllers, but also to data processors, and as a result, companies not established in Serbia may fall within the application of the country’s new data protection law, if there is any link between the data processing activity and Serbia. Therefore, it’s important to identify whether the GDPR is applicable on a case-by-case basis.
