0A4F4F9BD490A749D5437F821CF06DF1
Implementation Act of the General Data Protection Act (NN 42/18) (2018)
https://narodne-novine.nn.hr/clanci/sluzbeni/2018_05_42_805.html
http://leaux.net/URLS/ConvertAPI Text Files/B8FDE44F8F529F7168B5E0DF45E04B77.en.txt
Examining the file media/Synopses/B8FDE44F8F529F7168B5E0DF45E04B77.html:
This file was generated: 2020-07-14 08:10:42
Indicators in focus are typically shown highlighted in yellow; |
Peer Indicators (that share the same Vulnerability association) are shown highlighted in pink; |
"Outside" Indicators (those that do NOT share the same Vulnerability association) are shown highlighted in green; |
Trigger Words/Phrases are shown highlighted in gray. |
Link to Orphaned Trigger Words (Appendix (Indicator List, Indicator Peers, Trigger Words, Type/Vulnerability/Indicator Overlay)
Applicable Type / Vulnerability / Indicator Overlay for this Input
Political / Prosecuted
Searching for indicator prosecuted:
(return to top)
p.000805: of the Director no later than six months before the expiry of the term of office of the Director and Deputy Director, or 30 days after the termination of office at the latest
p.000805: the term of office ceased before the expiration of his term of office. The central state administration body shall submit the competent state administration system to the Government of the Republic of Croatia
p.000805: nominations submitted, indicating the candidates who submitted timely and complete candidacy.
p.000805: (6) The Government of the Republic of Croatia shall determine the proposal of the candidate for director or deputy director and submit it to the Croatian Parliament.
p.000805: (7) In the event of termination of the Director's term of office, before the expiration of the term for which the Director has been appointed, the Deputy Director shall act until
p.000805: appointing a director in a procedure initiated pursuant to paragraph 5 of this Article, for a maximum of six months.
p.000805: Conditions for appointment of the Director and Deputy Director
p.000805: Article 8
p.000805: (1) A person who fulfills the following conditions may be appointed Director and Deputy Director:
p.000805: - holds Croatian citizenship and residence in the Republic of Croatia
p.000805: - has undergraduate and graduate university degree or integrated undergraduate and graduate university degree or specialist
p.000805: undergraduate and graduate professional studies
p.000805: - has at least ten years of professional experience
p.000805: - is a prominent expert with a recognized professional reputation and expertise in the field of personal data protection
p.000805: - has not been convicted and is not being prosecuted for the offenses for which the proceedings are instituted ex officio
p.000805: - not a member of a political party.
p.000805: (2) The provisions of the regulations governing the obligations and rights of state officials and regulations governing the application of the Director and Deputy Director shall apply to the Director.
p.000805: regulates conflict of interest prevention.
p.000805: (3) The coefficient for calculating the salary of the Director is 5.50.
p.000805: (4) The coefficient for calculating the salary of the Deputy Director is 4.26.
p.000805: Dismissal of the Director and Deputy Director
p.000805: Article 9
p.000805: (1) The Croatian Parliament shall dismiss the duties of the Director and the Deputy Director before the expiration of the term for which he was elected:
p.000805: - if he asks for it himself
p.000805: - if circumstances no longer qualify for election arise
p.000805: - if he committed a serious breach of duty. A director or a deputy director is considered to have committed a serious breach of duty if he or she does not perform
p.000805: duty in accordance with law.
p.000805: (2) The procedure for dismissal of the Director and the Deputy Director shall be initiated at the proposal of the Government of the Republic of Croatia.
p.000805: Expert service
p.000805: Article 10
p.000805: (1) The Agency shall have a professional service.
p.000805: (2) The provisions of the regulations governing the rights and obligations of civil servants shall apply to employees of the Agency's professional service.
p.000805: (3) The manner of work, the manner of planning and carrying out the affairs, the internal organization and other matters important for the performance of the Agency's activities shall be regulated.
...
p.000805: the implementation of the surveillance referred to in paragraph 2 of this Article.
p.000805: (5) The order for carrying out the supervision referred to in paragraph 1 of this Article shall be issued by the Director of the Agency.
p.000805: Copies, printing and temporary taking of storage systems and equipment
p.000805: Article 37
p.000805: (1) Authorized persons may, where necessary, make copies of available documents, copy all contents of the storage system and collect others
p.000805: relevant information.
p.000805: (2) If, for technical reasons, it is not possible to make copies of the necessary documentation during surveillance, the authorized persons shall, as appropriate, withdraw
p.000805: necessary storage systems and equipment that contains other relevant information and retain it as long as necessary to produce copies of that documentation, and
p.000805: up to 15 days from the date of seizure of storage and equipment.
p.000805: (3) Authorized persons may seal storage systems or equipment during surveillance and to the extent necessary for the implementation of surveillance
p.000805: activities if there is a risk of destruction or alteration of evidence, for a maximum of 15 days from the date of printing of the storage system or equipment.
p.000805: (4) An authorized person shall be obliged to make an official note on the copying, printing and temporary taking of the storage system and equipment.
p.000805: provide relevant information about the data or equipment covered by the operation and hand over a copy to the supervised entity.
p.000805: Suspicion of a criminal offense
p.000805: Article 38
p.000805: If, during the course of the surveillance, he / she becomes aware or finds objects that indicate that he / she has been prosecuted
p.000805: Duties, authorized persons shall inform the competent police station or the State Attorney as soon as possible.
p.000805: Classified information
p.000805: Article 39
p.000805: (1) Any access, copying and any other processing of data classified with a security classification by a specific regulation
p.000805: shall be conducted in accordance with the regulations governing the protection of confidentiality of information.
p.000805: (2) Any access, copying and any other processing of data classified with a classification by virtue of a special regulation
p.000805: it will be conducted by officials who hold a valid certificate of access to classified information in accordance with the regulations governing the protection of confidentiality of information.
p.000805: Record of supervision carried out
p.000805: Article 40
p.000805: (1) Minutes shall be made of the supervision carried out. The minutes shall contain in particular:
p.000805: 1. place and date of implementation of supervision
p.000805: 2. an indication of whether the surveillance was announced or unannounced
p.000805: 3. the personal names and signatures of the authorized persons who participated in the surveillance and the representative of the supervised person
p.000805: 4. a description of the course and content of each action taken during the monitoring and the statements made
p.000805: 5. a list of documents and other objects used, copied, sealed and / or temporarily seized during the surveillance activity
p.000805: 6. a lesson on the right to comment on the minutes.
...
Political / criminal
Searching for indicator criminal:
(return to top)
p.000805: Law, OG 42 / 2018-805 More
p.000805: CROATIAN PARLIAMENT
p.000805: 805
p.000805: Pursuant to Article 89 of the Constitution of the Republic of Croatia, I hereby
p.000805: DECISION
p.000805: DECLARING THE LAW ON IMPLEMENTATION OF THE GENERAL DATA PROTECTION REGULATION
p.000805: I hereby promulgate the Law on Implementation of the General Data Protection Regulation, adopted by the Croatian Parliament at its session of 27 April 2018.
p.000805: Class: 011-01 / 18-01 / 48
p.000805: Reg. No: 71-06-01 / 1-18-2
p.000805: Zagreb, May 3, 2018
p.000805: President
p.000805: Of the Republic of Croatia
p.000805: Kolinda Grabar-Kitarović, v. R.
p.000805: LAW
p.000805: ON THE IMPLEMENTATION OF THE GENERAL DATA PROTECTION REGULATION
p.000805: I. GENERAL PROVISIONS
p.000805: The subject of the Act
p.000805: Article 1.
p.000805: (1) This Act provides for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to
p.000805: the processing of personal data and the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation)
p.000805: (Text with EEA relevance) (OJ L 119, 4. 5. 2016) (hereinafter referred to as the General Data Protection Regulation).
p.000805: (2) This Act does not apply to the processing of personal data carried out by competent authorities for the purpose of prevention, investigation, detection or persecution
p.000805: criminal offenses or the enforcement of criminal sanctions, including protection against and prevention of public security threats, as well as in the area of national
p.000805: security and defense.
p.000805: Gender neutrality
p.000805: Article 2
p.000805: Terms used in this Act that have a gender meaning, whether used in masculine or feminine gender, include:
p.000805: the same way male and female.
p.000805: concepts
p.000805: Article 3
p.000805: (1) Terms within the meaning of this Act have the same meaning as those used in the General Data Protection Regulation.
p.000805: (2) "Public authorities" within the meaning of this Act are: state administration bodies and other state bodies, units of local and regional (regional)
p.000805: self.
p.000805: II. COMPETENT AUTHORITIES
p.000805: The supervisory authority
p.000805: Article 4
p.000805: (1) The supervisory authority, within the meaning of Article 51 of the General Data Protection Regulation, is the Personal Data Protection Agency (hereinafter:
p.000805: Agency).
p.000805: (2) The Agency is an independent state body. The Agency is independent and independent in its work and is responsible for its work to the Croatian Parliament.
p.000805: (3) The seat of the Agency shall be in Zagreb.
p.000805: Accreditation body
p.000805: Article 5
p.000805: National accreditation body designated in accordance with Regulation (EC) No 1049/2001 765/2008 of the European Parliament and of the Council of 9 July 2008 o
p.000805: determining the requirements for accreditation and market surveillance in respect of the placing on the market of a product and repealing Regulation (EEC) No. 339/93
p.000805: the competent authority is to accredit certification bodies in accordance with Article 43 (1) of the General Data Protection Regulation.
p.000805: Authority of the Agency
p.000805: Article 6
p.000805: (1) In addition to the powers set out in the General Data Protection Regulation, the Agency shall perform the following tasks:
p.000805: - when prescribed by a special law, may institute and have the right to participate in criminal, misdemeanor, administrative and other judicial and
p.000805: out-of-court proceedings for breach of the General Data Protection Regulation and this Act
p.000805: - adopts the Criteria for determining the amount of compensation for administrative costs referred to in Article 43, paragraph 2 of this Law and the Criteria for determining the amount
p.000805: fees referred to in Article 43, paragraph 3 of this Act
p.000805: - publish individual decisions in accordance with Articles 18 and 48 of this Law on the Agency's web pages
p.000805: - initiates and conducts appropriate actions against responsible persons for violation of the General Data Protection Regulation and this Law
p.000805: - performs the tasks of an independent oversight body to monitor the application of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on
p.000805: the protection of individuals with regard to the processing of personal data by competent authorities for the purpose of preventing, investigating, detecting or prosecuting criminal offenses or
p.000805: the enforcement of criminal sanctions and the free movement of such data and the repeal of Council Framework Decision 2008/977 / JHA, unless
p.000805: special regulations do not specify otherwise
p.000805: - performs other legally prescribed tasks.
p.000805: (2) If the Agency questions the validity of the European Commission's implementing decision on adequacy and standard contractual clauses, it shall suspend
p.000805: will administrative proceedings and transfer the case to the High Administrative Court of the Republic of Croatia for the administrative matter.
p.000805: (3) In the procedure referred to in paragraph 2 of this Article, the High Administrative Court of the Republic of Croatia, if it considers that the decision of the European Commission is not valid,
p.000805: will apply for a review of the validity of the present decision to the Court of Justice of the European Union in accordance with Article 267 of the Treaty on the Functioning of the European Union.
p.000805: (4) The Agency shall supervise the implementation of this Act.
p.000805: III. AGENCY FOR PERSONAL DATA PROTECTION
p.000805: Managing the Agency
p.000805: Article 7
p.000805: (1) The work of the Agency shall be managed by the Director (hereinafter: the Director).
p.000805: (2) The director has a deputy.
p.000805: (3) The Director and Deputy Director shall be appointed by the Croatian Parliament at the proposal of the Government of the Republic of Croatia, based on a public invitation for delivery.
p.000805: candidacy.
p.000805: (4) The director and the deputy director shall be appointed for a term of four years and may be appointed to this position no more than twice.
...
p.000805: (4) Upon request of the Agency, the ministry responsible for internal affairs shall, in accordance with special regulations, provide assistance in
p.000805: the implementation of the surveillance referred to in paragraph 2 of this Article.
p.000805: (5) The order for carrying out the supervision referred to in paragraph 1 of this Article shall be issued by the Director of the Agency.
p.000805: Copies, printing and temporary taking of storage systems and equipment
p.000805: Article 37
p.000805: (1) Authorized persons may, where necessary, make copies of available documents, copy all contents of the storage system and collect others
p.000805: relevant information.
p.000805: (2) If, for technical reasons, it is not possible to make copies of the necessary documentation during surveillance, the authorized persons shall, as appropriate, withdraw
p.000805: necessary storage systems and equipment that contains other relevant information and retain it as long as necessary to produce copies of that documentation, and
p.000805: up to 15 days from the date of seizure of storage and equipment.
p.000805: (3) Authorized persons may seal storage systems or equipment during surveillance and to the extent necessary for the implementation of surveillance
p.000805: activities if there is a risk of destruction or alteration of evidence, for a maximum of 15 days from the date of printing of the storage system or equipment.
p.000805: (4) An authorized person shall be obliged to make an official note on the copying, printing and temporary taking of the storage system and equipment.
p.000805: provide relevant information about the data or equipment covered by the operation and hand over a copy to the supervised entity.
p.000805: Suspicion of a criminal offense
p.000805: Article 38
p.000805: If, during the course of the surveillance, he / she becomes aware or finds objects that indicate that he / she has been prosecuted
p.000805: Duties, authorized persons shall inform the competent police station or the State Attorney as soon as possible.
p.000805: Classified information
p.000805: Article 39
p.000805: (1) Any access, copying and any other processing of data classified with a security classification by a specific regulation
p.000805: shall be conducted in accordance with the regulations governing the protection of confidentiality of information.
p.000805: (2) Any access, copying and any other processing of data classified with a classification by virtue of a special regulation
p.000805: it will be conducted by officials who hold a valid certificate of access to classified information in accordance with the regulations governing the protection of confidentiality of information.
p.000805: Record of supervision carried out
p.000805: Article 40
p.000805: (1) Minutes shall be made of the supervision carried out. The minutes shall contain in particular:
p.000805: 1. place and date of implementation of supervision
p.000805: 2. an indication of whether the surveillance was announced or unannounced
p.000805: 3. the personal names and signatures of the authorized persons who participated in the surveillance and the representative of the supervised person
p.000805: 4. a description of the course and content of each action taken during the monitoring and the statements made
...
Political / political affiliation
Searching for indicator party:
(return to top)
p.000805: the term of office ceased before the expiration of his term of office. The central state administration body shall submit the competent state administration system to the Government of the Republic of Croatia
p.000805: nominations submitted, indicating the candidates who submitted timely and complete candidacy.
p.000805: (6) The Government of the Republic of Croatia shall determine the proposal of the candidate for director or deputy director and submit it to the Croatian Parliament.
p.000805: (7) In the event of termination of the Director's term of office, before the expiration of the term for which the Director has been appointed, the Deputy Director shall act until
p.000805: appointing a director in a procedure initiated pursuant to paragraph 5 of this Article, for a maximum of six months.
p.000805: Conditions for appointment of the Director and Deputy Director
p.000805: Article 8
p.000805: (1) A person who fulfills the following conditions may be appointed Director and Deputy Director:
p.000805: - holds Croatian citizenship and residence in the Republic of Croatia
p.000805: - has undergraduate and graduate university degree or integrated undergraduate and graduate university degree or specialist
p.000805: undergraduate and graduate professional studies
p.000805: - has at least ten years of professional experience
p.000805: - is a prominent expert with a recognized professional reputation and expertise in the field of personal data protection
p.000805: - has not been convicted and is not being prosecuted for the offenses for which the proceedings are instituted ex officio
p.000805: - not a member of a political party.
p.000805: (2) The provisions of the regulations governing the obligations and rights of state officials and regulations governing the application of the Director and Deputy Director shall apply to the Director.
p.000805: regulates conflict of interest prevention.
p.000805: (3) The coefficient for calculating the salary of the Director is 5.50.
p.000805: (4) The coefficient for calculating the salary of the Deputy Director is 4.26.
p.000805: Dismissal of the Director and Deputy Director
p.000805: Article 9
p.000805: (1) The Croatian Parliament shall dismiss the duties of the Director and the Deputy Director before the expiration of the term for which he was elected:
p.000805: - if he asks for it himself
p.000805: - if circumstances no longer qualify for election arise
p.000805: - if he committed a serious breach of duty. A director or a deputy director is considered to have committed a serious breach of duty if he or she does not perform
p.000805: duty in accordance with law.
p.000805: (2) The procedure for dismissal of the Director and the Deputy Director shall be initiated at the proposal of the Government of the Republic of Croatia.
p.000805: Expert service
p.000805: Article 10
p.000805: (1) The Agency shall have a professional service.
p.000805: (2) The provisions of the regulations governing the rights and obligations of civil servants shall apply to employees of the Agency's professional service.
p.000805: (3) The manner of work, the manner of planning and carrying out the affairs, the internal organization and other matters important for the performance of the Agency's activities shall be regulated.
p.000805: Rules of Procedure of the Agency issued by the Director.
p.000805: (4) The Agency's Rules of Procedure shall be approved by the Croatian Parliament. The Ordinance shall be published in the Official Gazette.
...
p.000805: official statistics to the extent that such rights are likely to be precluded or seriously jeopardized and, where such rights are attained,
p.000805: derogations necessary to achieve these purposes.
p.000805: (2) Bodies responsible for producing official statistics shall apply the technical and organizational measures for the protection of data collected for
p.000805: official statistics needs.
p.000805: (3) Managers of the processing of personal data are not obliged to inform bodies responsible for official statistics when transferring personal data
p.000805: respondents on the transfer of personal data for statistical purposes.
p.000805: (4) The processing of personal data for statistical purposes is considered to be in line with the purpose for which the data were collected, provided that they are undertaken
p.000805: appropriate safeguards.
p.000805: (5) Personal data processed for statistical purposes shall not allow identification of the data subject.
p.000805: V. PROCEDURE IN AGENCY'S JURISDICTION AND REMEDIES
p.000805: Article 34
p.000805: (1) Anyone who considers that a right guaranteed by this Act and the General Data Protection Regulation has been violated may submit to the Agency
p.000805: a claim for infringement.
p.000805: (2) The Agency shall decide on the violation of rights by a decision.
p.000805: (3) The decision of the Agency is an administrative act.
p.000805: (4) No appeal shall be allowed against the Agency's decision, but an administrative dispute may be brought before the competent administrative court.
p.000805: Article 35
p.000805: (1) If the decision requires the deletion or other irreversible removal of personal data, the dissatisfied party may ask the competent
p.000805: the administrative court postpones the deletion or other irreversible removal of personal data if it proves that a disproportionate effort would again
p.000805: collected personal information whose deletion or irreversible removal is requested.
p.000805: (2) If the competent administrative court accepts the request referred to in paragraph 1 of this Article, the party ordered to delete or otherwise irreversibly remove the personal
p.000805: the data is obliged to block all processing of the disputed personal data, except their storage, until a final court decision is rendered.
p.000805: Implementation of supervision
p.000805: Article 36
p.000805: (1) Authorized officers of the Agency independently, and in certain cases with the participation of representatives of the visiting supervisory body (hereinafter
p.000805: "Authorized persons") may carry out announced or unannounced surveillance. Supervised person or processing manager supervises the implementation of unannounced supervision
p.000805: or the processing executor will be notified at the location and at the time of the inspection.
p.000805: (2) Prior to the commencement of the supervision referred to in paragraph 1 of this Article, authorized persons shall present themselves by presenting an official ID and order for
p.000805: supervision.
p.000805: (3) If the obstruction is expected to be impeded by the conduct of surveillance, the Agency shall submit a written request to the ministry responsible for
p.000805: internal affairs to assist in carrying out these supervisory activities.
p.000805: (4) Upon request of the Agency, the ministry responsible for internal affairs shall, in accordance with special regulations, provide assistance in
p.000805: the implementation of the surveillance referred to in paragraph 2 of this Article.
p.000805: (5) The order for carrying out the supervision referred to in paragraph 1 of this Article shall be issued by the Director of the Agency.
p.000805: Copies, printing and temporary taking of storage systems and equipment
p.000805: Article 37
p.000805: (1) Authorized persons may, where necessary, make copies of available documents, copy all contents of the storage system and collect others
p.000805: relevant information.
...
p.000805: on data protection.
p.000805: (2) If an administrative fine is imposed against a legal person with public authority or against a legal person performing public service, pronounced
p.000805: the administrative fine shall not jeopardize the exercise of such public authority or public service.
p.000805: Article 45
p.000805: (1) Administrative fines shall be imposed by decision.
p.000805: (2) The decision referred to in paragraph 1 of this Article shall determine the amount and manner of payment of the administrative fine. The decision may determine that the administrative money
p.000805: the penalty is paid in installments.
p.000805: (3) Where, in accordance with Article 83 of the General Regulation, administrative fines are imposed in addition to the measures referred to in Article 58 (2) (a) to (h) and (j) of the General
p.000805: of the decree, the decision on the administrative fine is made upon the validity of the decision imposing the measure.
p.000805: (4) No appeal shall be allowed against the decision referred to in paragraph 1 of this Article, but an administrative dispute may be instituted before the competent administrative court.
p.000805: (5) The criteria for installment repayment and conditions for termination of installment repayment of the administrative fine shall be determined by the Agency according to the amount of the administrative fine.
p.000805: The criteria shall be published in the Official Gazette and on the Agency's website.
p.000805: Article 46
p.000805: (1) An administrative fine shall be paid within 15 days from the date of the final decision rendering it.
p.000805: (2) If the party fails to pay the administrative fine within the prescribed period or upon maturity of the last installment if installment payment is approved,
p.000805: The Agency shall inform the Regional Office of the Tax Administration of the Ministry of Finance in the territory of which it is domiciled or the seat of the party to which it is
p.000805: imposed administrative fine, for the purpose of collecting administrative fine by compulsory payment under the regulations on compulsory tax collection.
p.000805: (3) Administrative fines shall be paid in favor of the state budget.
p.000805: (4) By way of derogation from paragraph 2 of this Article, no interest shall be charged on the overdue and unpaid administrative fine.
p.000805: Exclusion of administrative fines
p.000805: to public authorities
p.000805: Article 47
p.000805: Without prejudice to the exercise of the Agency's powers set out in the provision of Article 58 of the General Data Protection Regulation in the proceedings conducted
p.000805: an administrative fine may not be imposed on a public authority against a public authority for violations of this Act or the General Data Protection Regulation.
p.000805: Article 48
p.000805: The final decision shall be published on the Agency's website without anonymizing the perpetrator, if the decision determines
p.000805: violations of this Act or of the General Data Protection Regulation in relation to the processing of personal data of minors, special categories of personal data,
p.000805: automated individual decision-making, profiling, if the violation was committed by the processing manager or the processing performer who had already violated
p.000805: provisions of this Act or of the General Data Protection Regulation or if a decision has been taken on an administrative fine in the amount of
p.000805: at least HRK 100,000.00 which has become final.
...
Searching for indicator political:
(return to top)
p.000805: the term of office ceased before the expiration of his term of office. The central state administration body shall submit the competent state administration system to the Government of the Republic of Croatia
p.000805: nominations submitted, indicating the candidates who submitted timely and complete candidacy.
p.000805: (6) The Government of the Republic of Croatia shall determine the proposal of the candidate for director or deputy director and submit it to the Croatian Parliament.
p.000805: (7) In the event of termination of the Director's term of office, before the expiration of the term for which the Director has been appointed, the Deputy Director shall act until
p.000805: appointing a director in a procedure initiated pursuant to paragraph 5 of this Article, for a maximum of six months.
p.000805: Conditions for appointment of the Director and Deputy Director
p.000805: Article 8
p.000805: (1) A person who fulfills the following conditions may be appointed Director and Deputy Director:
p.000805: - holds Croatian citizenship and residence in the Republic of Croatia
p.000805: - has undergraduate and graduate university degree or integrated undergraduate and graduate university degree or specialist
p.000805: undergraduate and graduate professional studies
p.000805: - has at least ten years of professional experience
p.000805: - is a prominent expert with a recognized professional reputation and expertise in the field of personal data protection
p.000805: - has not been convicted and is not being prosecuted for the offenses for which the proceedings are instituted ex officio
p.000805: - not a member of a political party.
p.000805: (2) The provisions of the regulations governing the obligations and rights of state officials and regulations governing the application of the Director and Deputy Director shall apply to the Director.
p.000805: regulates conflict of interest prevention.
p.000805: (3) The coefficient for calculating the salary of the Director is 5.50.
p.000805: (4) The coefficient for calculating the salary of the Deputy Director is 4.26.
p.000805: Dismissal of the Director and Deputy Director
p.000805: Article 9
p.000805: (1) The Croatian Parliament shall dismiss the duties of the Director and the Deputy Director before the expiration of the term for which he was elected:
p.000805: - if he asks for it himself
p.000805: - if circumstances no longer qualify for election arise
p.000805: - if he committed a serious breach of duty. A director or a deputy director is considered to have committed a serious breach of duty if he or she does not perform
p.000805: duty in accordance with law.
p.000805: (2) The procedure for dismissal of the Director and the Deputy Director shall be initiated at the proposal of the Government of the Republic of Croatia.
p.000805: Expert service
p.000805: Article 10
p.000805: (1) The Agency shall have a professional service.
p.000805: (2) The provisions of the regulations governing the rights and obligations of civil servants shall apply to employees of the Agency's professional service.
p.000805: (3) The manner of work, the manner of planning and carrying out the affairs, the internal organization and other matters important for the performance of the Agency's activities shall be regulated.
p.000805: Rules of Procedure of the Agency issued by the Director.
...
Social / Access to Social Goods
Searching for indicator access:
(return to top)
p.000805: (2) Unless otherwise stipulated by another law, the provisions of this shall apply to the processing of personal data through video surveillance systems.
p.000805: Act.
p.000805: Article 26
p.000805: (1) The processing of personal data through video surveillance may only be carried out for the purpose necessary and justified for the protection of persons and property, if not
p.000805: the interests of respondents who are opposed to the processing of data via video surveillance prevail.
p.000805: (2) Video surveillance may include rooms, parts of rooms, the exterior surface of the building, as well as the interior space in public
p.000805: traffic, and the supervision of which is necessary to achieve the purpose referred to in paragraph 1 of this Article.
p.000805: Article 27
p.000805: (1) The processing manager or the processing executor is obliged to indicate that the object or individual room in it and the exterior surface of the object are under
p.000805: video surveillance, and the tag should be visible at the latest when entering the recording perimeter.
p.000805: (2) The notification referred to in paragraph 1 of this Article must contain all relevant information in accordance with the provisions of Article 13 of the General Data Protection Regulation, and
p.000805: a particularly simple and easy-to-understand image with text that provides respondents with the following information:
p.000805: - the space is under video surveillance
p.000805: - information about the processing manager
p.000805: - contact information through which the respondent can exercise his rights.
p.000805: Article 28
p.000805: (1) The right of access to personal data collected through video surveillance is vested in the responsible person of the processing manager or the processing executor and / or
p.000805: the person he authorizes.
p.000805: (2) Persons referred to in paragraph 1 of this Article may not use video recordings from the video surveillance system contrary to the purpose specified in Article 26, paragraph 1 of this
p.000805: Act.
p.000805: (3) The video surveillance system must be protected from access by unauthorized persons.
p.000805: (4) The processing manager and the processing executor shall establish an automated system of records for recording access to video surveillance recordings, which shall
p.000805: contain the time and place of access, as well as the tag of the persons who accessed the data collected through the video surveillance.
p.000805: (5) The competent state bodies shall have access to the information referred to in paragraph 1 of this Article within the framework of carrying out activities within their scope determined by law.
p.000805: Article 29
p.000805: Recordings obtained through video surveillance can be stored for a maximum of six months, unless otherwise prescribed by law or longer
p.000805: evidence in judicial, administrative, arbitration or other equivalent proceedings.
p.000805: Video surveillance of workrooms
p.000805: Article 30
p.000805: (1) The processing of personal data of employees through video surveillance systems may be carried out only if they are subject to the conditions laid down in this Act
p.000805: the conditions laid down by the regulations governing occupational safety have been fulfilled and if the employees were adequately informed in advance of such
p.000805: measures, and if the employer informed the employees before making the decision to set up a video surveillance system.
p.000805: (2) Video surveillance of work premises shall not include rest rooms, personal hygiene and changing rooms.
p.000805: Video surveillance of residential buildings
p.000805: Article 31
p.000805: (1) The establishment of video surveillance in residential or commercial-residential buildings requires the consent of co-owners of at least 2/3
p.000805: co-ownership parts.
p.000805: (2) Video surveillance may cover only access to entrances and exits of residential buildings and common rooms in residential buildings.
p.000805: (3) It is prohibited to use video surveillance to monitor the performance of janitors, cleaners and other persons working in an apartment building.
p.000805: Video surveillance of public areas
p.000805: Article 32
p.000805: (1) Monitoring of public areas through video surveillance is allowed only to bodies of public authority, legal persons with public authority and legal entities.
p.000805: to persons performing public service only if prescribed by law, if necessary for the performance of the tasks and tasks of public authorities or for the protection
p.000805: the life and health of the people of that property.
p.000805: (2) The provisions of this Article shall not preclude the application of Article 35 of the General Data Protection Regulation to the systematic monitoring of a publicly accessible area in
p.000805: largely.
p.000805: Processing of personal data for statistical purposes
p.000805: Article 33
p.000805: (1) In the framework of the processing of personal data for the purpose of producing official statistics in accordance with specific regulations in the field of official statistics, the bodies
p.000805: which produce official statistics are not obliged to provide respondents with the right of access to personal data, the right to correct personal data, the right to
p.000805: restriction of the processing of personal data or the right to object to the processing of personal data in order to ensure the conditions necessary for the achievement of the purpose
p.000805: official statistics to the extent that such rights are likely to be precluded or seriously jeopardized and, where such rights are attained,
p.000805: derogations necessary to achieve these purposes.
p.000805: (2) Bodies responsible for producing official statistics shall apply the technical and organizational measures for the protection of data collected for
p.000805: official statistics needs.
p.000805: (3) Managers of the processing of personal data are not obliged to inform bodies responsible for official statistics when transferring personal data
p.000805: respondents on the transfer of personal data for statistical purposes.
p.000805: (4) The processing of personal data for statistical purposes is considered to be in line with the purpose for which the data were collected, provided that they are undertaken
p.000805: appropriate safeguards.
p.000805: (5) Personal data processed for statistical purposes shall not allow identification of the data subject.
p.000805: V. PROCEDURE IN AGENCY'S JURISDICTION AND REMEDIES
p.000805: Article 34
p.000805: (1) Anyone who considers that a right guaranteed by this Act and the General Data Protection Regulation has been violated may submit to the Agency
p.000805: a claim for infringement.
p.000805: (2) The Agency shall decide on the violation of rights by a decision.
p.000805: (3) The decision of the Agency is an administrative act.
p.000805: (4) No appeal shall be allowed against the Agency's decision, but an administrative dispute may be brought before the competent administrative court.
...
p.000805: Article 37
p.000805: (1) Authorized persons may, where necessary, make copies of available documents, copy all contents of the storage system and collect others
p.000805: relevant information.
p.000805: (2) If, for technical reasons, it is not possible to make copies of the necessary documentation during surveillance, the authorized persons shall, as appropriate, withdraw
p.000805: necessary storage systems and equipment that contains other relevant information and retain it as long as necessary to produce copies of that documentation, and
p.000805: up to 15 days from the date of seizure of storage and equipment.
p.000805: (3) Authorized persons may seal storage systems or equipment during surveillance and to the extent necessary for the implementation of surveillance
p.000805: activities if there is a risk of destruction or alteration of evidence, for a maximum of 15 days from the date of printing of the storage system or equipment.
p.000805: (4) An authorized person shall be obliged to make an official note on the copying, printing and temporary taking of the storage system and equipment.
p.000805: provide relevant information about the data or equipment covered by the operation and hand over a copy to the supervised entity.
p.000805: Suspicion of a criminal offense
p.000805: Article 38
p.000805: If, during the course of the surveillance, he / she becomes aware or finds objects that indicate that he / she has been prosecuted
p.000805: Duties, authorized persons shall inform the competent police station or the State Attorney as soon as possible.
p.000805: Classified information
p.000805: Article 39
p.000805: (1) Any access, copying and any other processing of data classified with a security classification by a specific regulation
p.000805: shall be conducted in accordance with the regulations governing the protection of confidentiality of information.
p.000805: (2) Any access, copying and any other processing of data classified with a classification by virtue of a special regulation
p.000805: it will be conducted by officials who hold a valid certificate of access to classified information in accordance with the regulations governing the protection of confidentiality of information.
p.000805: Record of supervision carried out
p.000805: Article 40
p.000805: (1) Minutes shall be made of the supervision carried out. The minutes shall contain in particular:
p.000805: 1. place and date of implementation of supervision
p.000805: 2. an indication of whether the surveillance was announced or unannounced
p.000805: 3. the personal names and signatures of the authorized persons who participated in the surveillance and the representative of the supervised person
p.000805: 4. a description of the course and content of each action taken during the monitoring and the statements made
p.000805: 5. a list of documents and other objects used, copied, sealed and / or temporarily seized during the surveillance activity
p.000805: 6. a lesson on the right to comment on the minutes.
p.000805: (2) If the record referred to in paragraph 1 of this Article has been drawn up directly at the place of supervision, the supervised person may file observations on
p.000805: the record that the authorized person will enter into it.
p.000805: (3) If the record referred to in paragraph 1 of this Article has been drawn up after the supervision has been carried out, it shall be forwarded to the supervised person.
p.000805: (4) The supervised person shall have the right to file observations in the minutes referred to in paragraphs 2 and 3 of this Article within 15 days from the date of his receipt.
p.000805: in writing. Within 15 days from the receipt of the objection, the supervised person will be provided with a written response on acceptance or non-acceptance.
p.000805: objections.
...
p.000805: at least HRK 100,000.00 which has become final.
p.000805: The limitation period for executing an administrative fine
p.000805: Article 49
p.000805: (1) The statute of limitations on the right to collect administrative fines shall be governed by the provisions of the general law governing the tax procedure.
p.000805: (2) The statute of limitations begins to run from the day the decision becomes final.
p.000805: (3) During the period of installment repayment, the administrative fine shall not run.
p.000805: VII. INFRINGEMENTAL PROVISIONS
p.000805: Article 50
p.000805: (1) A fine for an offense in the amount of HRK 5000.00 to HRK 50,000.00 shall be imposed on:
p.000805: - a person acting as the Director and Deputy Director of the Agency if he discloses to the unauthorized person confidential information which he has learned in
p.000805: performing their duties in accordance with Article 13 of this Law
p.000805: - an official of the Agency who discloses to an unauthorized person confidential information which he has learned in the performance of his duties in accordance with Article 13.
p.000805: of this Act.
p.000805: (2) The authorized prosecutor for the offense referred to in this Article shall be the Attorney General.
p.000805: VIII. ADMINISTRATIVE FINES
p.000805: Article 51
p.000805: An administrative fine of up to HRK 50,000.00 shall be imposed on:
p.000805: - the processing manager and the processing contractor who do not mark the object, premises, parts of the room and the exterior surface of the facility in the manner prescribed in Article 27.
p.000805: of this Act
p.000805: - processing manager and processing executor who do not establish an automated system of records for recording access to video surveillance recordings, in accordance with
p.000805: Article 28, Paragraph 4 of this Law
p.000805: - persons referred to in Article 28, paragraph 1 of this Act, who use video recordings from the video surveillance system contrary to Article 28, paragraph 2 of this Act.
p.000805: IX. TRANSITIONAL AND FINAL PROVISIONS
p.000805: Article 52
p.000805: (1) On the day this Law enters into force:
p.000805: - Personal Data Protection Agency established by the Law on Personal Data Protection (Official Gazette 103/03, 118/06, 41/08, 130/11 and
p.000805: 106/12. - consolidated text; hereinafter referred to as the Personal Data Protection Agency), as a legal person with public authority, becomes a state body and
p.000805: continues to operate under the same name
p.000805: - The Agency, as a successor of the Personal Data Protection Agency, takes over its affairs, records and other documentation, funds for
p.000805: work, financial resources, rights and obligations, as well as employees
p.000805: - Employees of the Personal Data Protection Agency become civil servants or employees.
p.000805: (2) Until the adoption of the ordinance on the internal order referred to in Article 54 of this Act and the allocation to posts in accordance with the regulations on state
...
Social / Child
Searching for indicator child:
(return to top)
p.000805: - description of cooperation activities with state and other bodies in the Republic of Croatia
p.000805: - a description of the awareness activities of individuals, processing managers, processing executives and other target groups
p.000805: - analysis and evaluation of the exercise of the right to the protection of personal data.
p.000805: (2) The annual report shall also contain information on the realized revenues and expenses for the reporting period for which the report is submitted.
p.000805: on the number of employees and the structure of employees by qualifications.
p.000805: (3) The annual report shall be published on the Agency's website.
p.000805: Publication of the Agency's opinions and decisions
p.000805: Article 18
p.000805: (1) Agency decisions and opinions regarding the types of processing that, given the nature, extent, context and purpose of processing, may cause
p.000805: high risk to the rights and freedoms of individuals are published on the Agency's website.
p.000805: (2) The opinions and decisions referred to in paragraph 1 of this Article shall be anonymised or pseudonymized.
p.000805: (3) By way of derogation from paragraph 2 of this Article, where the opinions and decisions of the Agency referred to in paragraph 1 of this Article refer to minors,
p.000805: the technique of anonymizing information relating to them to ensure a high level of protection of their privacy.
p.000805: IV. PERSONAL DATA PROCESSING IN SPECIAL CASES
p.000805: Child consent in relation to information society services
p.000805: Article 19
p.000805: (1) In applying Article 6 (1) (a) of the General Data Protection Regulation, in relation to the provision of information society services directly to a child,
p.000805: the processing of personal data of a child is legal if the child is at least 16 years old.
p.000805: (2) The provision of paragraph 1 of this Article shall apply to a child whose place of residence is in the Republic of Croatia.
p.000805: (3) Any act contrary to the provisions of this Article shall be considered a violation of Article 8 of the General Data Protection Regulation and shall be subject to sanction.
p.000805: in accordance with Article 83 of the General Data Protection Regulation.
p.000805: Genetic data processing
p.000805: Article 20
p.000805: (1) It is forbidden to process genetic data for the purpose of calculating the appearance of diseases and other health aspects of subjects in the framework of assembly actions or
p.000805: executing life insurance contracts and contracts with lifetime clauses.
p.000805: (2) With the consent of the respondents, the prohibition referred to in paragraph 1 of this Article cannot be lifted.
p.000805: (3) The provision of paragraph 1 of this Article shall apply to respondents who, in the Republic of Croatia, conclude life insurance contracts and contracts with
p.000805: experience clauses if processing is carried out by a processing manager established in the Republic of Croatia or providing services in the Republic of Croatia.
p.000805: (4) Any act contrary to the provisions of this Article shall be considered a violation of Article 9 of the General Data Protection Regulation and shall be subject to sanction.
p.000805: in accordance with Article 83 (5) of the General Data Protection Regulation.
p.000805: Biometric data processing
p.000805: Article 21
...
Social / Police Officer
Searching for indicator officer:
(return to top)
p.000805: duty in accordance with law.
p.000805: (2) The procedure for dismissal of the Director and the Deputy Director shall be initiated at the proposal of the Government of the Republic of Croatia.
p.000805: Expert service
p.000805: Article 10
p.000805: (1) The Agency shall have a professional service.
p.000805: (2) The provisions of the regulations governing the rights and obligations of civil servants shall apply to employees of the Agency's professional service.
p.000805: (3) The manner of work, the manner of planning and carrying out the affairs, the internal organization and other matters important for the performance of the Agency's activities shall be regulated.
p.000805: Rules of Procedure of the Agency issued by the Director.
p.000805: (4) The Agency's Rules of Procedure shall be approved by the Croatian Parliament. The Ordinance shall be published in the Official Gazette.
p.000805: (5) A decree laying down the principles governing the internal organization of the body shall be appropriately applied to the internal organization of the Agency's professional service.
p.000805: state administration, in the part related to state administrative organizations.
p.000805: (6) The Director shall adopt the Ordinance on the Internal Order, which regulates the number of civil servants required to perform their jobs indicating their status.
p.000805: basic tasks and tasks, and the professional conditions necessary for their performance, their powers and responsibilities, and other issues of relevance to the work
p.000805: Agencies.
p.000805: Article 11
p.000805: The director, deputy director and officers of the Agency may not perform the duties of data protection officer for another manager or executor
p.000805: Release.
p.000805: Article 12
p.000805: (1) The director, the deputy director and the officers of the Agency who carry out the supervision activities shall have an official ID card proving their official identity.
p.000805: trait, identity and authority.
p.000805: (2) The form and content of the official identity card shall be determined by the Rules of Procedure referred to in Article 10 of this Act.
p.000805: Article 13
p.000805: (1) The director, deputy director and employees of the Agency shall be bound by professional secrecy or other appropriate type of secret, in accordance with
p.000805: the law governing the confidentiality of information, to safeguard all personal and other confidential information they learn in the performance of their duties.
p.000805: (2) The obligation referred to in paragraph 1 of this Article shall continue after the termination of the duties of the director, deputy director, or after the termination of service
p.000805: in the Agency.
p.000805: Cooperation with state administration bodies and other bodies
p.000805: Article 14
p.000805: Central state administration bodies and other state bodies are obliged to submit draft laws and other regulations to the Agency.
p.000805: regulate issues related to the processing of personal data for the purpose of giving expert opinions in relation to the field of personal data protection.
p.000805: Collaboration with data protection supervisory authorities of other countries
p.000805: Article 15
...
Searching for indicator police:
(return to top)
p.000805: Copies, printing and temporary taking of storage systems and equipment
p.000805: Article 37
p.000805: (1) Authorized persons may, where necessary, make copies of available documents, copy all contents of the storage system and collect others
p.000805: relevant information.
p.000805: (2) If, for technical reasons, it is not possible to make copies of the necessary documentation during surveillance, the authorized persons shall, as appropriate, withdraw
p.000805: necessary storage systems and equipment that contains other relevant information and retain it as long as necessary to produce copies of that documentation, and
p.000805: up to 15 days from the date of seizure of storage and equipment.
p.000805: (3) Authorized persons may seal storage systems or equipment during surveillance and to the extent necessary for the implementation of surveillance
p.000805: activities if there is a risk of destruction or alteration of evidence, for a maximum of 15 days from the date of printing of the storage system or equipment.
p.000805: (4) An authorized person shall be obliged to make an official note on the copying, printing and temporary taking of the storage system and equipment.
p.000805: provide relevant information about the data or equipment covered by the operation and hand over a copy to the supervised entity.
p.000805: Suspicion of a criminal offense
p.000805: Article 38
p.000805: If, during the course of the surveillance, he / she becomes aware or finds objects that indicate that he / she has been prosecuted
p.000805: Duties, authorized persons shall inform the competent police station or the State Attorney as soon as possible.
p.000805: Classified information
p.000805: Article 39
p.000805: (1) Any access, copying and any other processing of data classified with a security classification by a specific regulation
p.000805: shall be conducted in accordance with the regulations governing the protection of confidentiality of information.
p.000805: (2) Any access, copying and any other processing of data classified with a classification by virtue of a special regulation
p.000805: it will be conducted by officials who hold a valid certificate of access to classified information in accordance with the regulations governing the protection of confidentiality of information.
p.000805: Record of supervision carried out
p.000805: Article 40
p.000805: (1) Minutes shall be made of the supervision carried out. The minutes shall contain in particular:
p.000805: 1. place and date of implementation of supervision
p.000805: 2. an indication of whether the surveillance was announced or unannounced
p.000805: 3. the personal names and signatures of the authorized persons who participated in the surveillance and the representative of the supervised person
p.000805: 4. a description of the course and content of each action taken during the monitoring and the statements made
p.000805: 5. a list of documents and other objects used, copied, sealed and / or temporarily seized during the surveillance activity
p.000805: 6. a lesson on the right to comment on the minutes.
p.000805: (2) If the record referred to in paragraph 1 of this Article has been drawn up directly at the place of supervision, the supervised person may file observations on
...
Social / Property Ownership
Searching for indicator home:
(return to top)
p.000805: in writing. Within 15 days from the receipt of the objection, the supervised person will be provided with a written response on acceptance or non-acceptance.
p.000805: objections.
p.000805: (5) If the supervised person does not submit objections to the record within the time limit referred to in paragraph 4 of this Article, it shall be considered that it has no objection to it.
p.000805: Representing respondents
p.000805: Article 41
p.000805: Respondent has the right to authorize a non-profit body, organization or association established in accordance with the law, which states the goals
p.000805: is of public interest and is active in the field of the protection of the rights and freedoms of respondents with regard to the protection of their personal data, to file a complaint in
p.000805: to exercise on his behalf and to exercise on his behalf the rights referred to in Articles 77, 78 and 79 of the General Data Protection Regulation and the right to compensation referred to in Article 82 of the General Regulation on
p.000805: data protection.
p.000805: Giving expert opinions
p.000805: Article 42
p.000805: (1) At the written request of a natural or legal person, the Agency shall give an expert opinion in the field of personal data protection, not later than 30 days from
p.000805: days of submission, depending on the complexity of the application.
p.000805: (2) If it is necessary to involve other bodies at home or abroad when giving expert opinion for the purpose of obtaining data or information
p.000805: relevant for expert opinion, the deadline for giving the opinion referred to in paragraph 1 of this Article may be extended by another 30 days.
p.000805: Fee for acting on request
p.000805: Article 43
p.000805: (1) The performance of the Agency's tasks shall be carried out without charge in respect of respondents, personal data protection officers, journalists and public authorities.
p.000805: (2) The Agency will charge a reasonable fee based on administrative costs or refuse to act on the request if the respondent's requests are clearly
p.000805: unfounded or excessive, and especially because of their frequency.
p.000805: (3) The Agency shall charge a fee for giving opinions to business entities (law firms, consultants, etc.) that are business
p.000805: subjects requested for the purpose of carrying out their regular business or providing services.
p.000805: (4) The criteria for determining the amount of compensation referred to in paragraphs 2 and 3 of this Article shall be laid down by the Agency. The criteria shall be published in the Official Gazette and on
p.000805: the Agency's website.
p.000805: (5) The amount of compensation referred to in paragraphs 2 and 3 of this Article shall be paid in favor of the state budget.
p.000805: YOU. EXPRESSION OF ADMINISTRATIVE FINES
p.000805: Article 44
p.000805: (1) The Agency shall impose administrative fines for violations of the provisions of this Act and the General Data Protection Regulation, in accordance with Article 83 of the General Regulation
...
Searching for indicator property:
(return to top)
p.000805: in accordance with Article 83 of the General Data Protection Regulation.
p.000805: Genetic data processing
p.000805: Article 20
p.000805: (1) It is forbidden to process genetic data for the purpose of calculating the appearance of diseases and other health aspects of subjects in the framework of assembly actions or
p.000805: executing life insurance contracts and contracts with lifetime clauses.
p.000805: (2) With the consent of the respondents, the prohibition referred to in paragraph 1 of this Article cannot be lifted.
p.000805: (3) The provision of paragraph 1 of this Article shall apply to respondents who, in the Republic of Croatia, conclude life insurance contracts and contracts with
p.000805: experience clauses if processing is carried out by a processing manager established in the Republic of Croatia or providing services in the Republic of Croatia.
p.000805: (4) Any act contrary to the provisions of this Article shall be considered a violation of Article 9 of the General Data Protection Regulation and shall be subject to sanction.
p.000805: in accordance with Article 83 (5) of the General Data Protection Regulation.
p.000805: Biometric data processing
p.000805: Article 21
p.000805: (1) The processing of biometric data in public authorities may only be carried out if it is specified by law and if it is necessary for the protection of persons,
p.000805: property, classified information or trade secrets, taking into account that the interests of respondents who are contrary to the processing do not prevail
p.000805: biometric data from this article.
p.000805: (2) The processing of biometric data shall be deemed to be in accordance with the law if it is necessary to fulfill the obligations of international treaties in
p.000805: related to identifying an individual in crossing a state border.
p.000805: Article 22
p.000805: (1) The processing of biometric data in the private sector can only be carried out if it is prescribed by law or if it is necessary for the protection of persons,
p.000805: property, classified information, trade secrets or to individually and securely identify users of the services, taking into account that they do not prevail
p.000805: the interests of respondents who are contrary to the processing of biometric data from this article.
p.000805: (2) The legal basis for processing biometric data of respondents for the purpose of secure identification of users of services is the express consent of such respondent
p.000805: given in accordance with the provisions of the General Data Protection Regulation.
p.000805: Article 23
p.000805: It is allowed to process biometric data of employees for the purpose of recording working hours and for entering and leaving official premises, if
p.000805: is required by law or if such processing is carried out as an alternative to another solution for recording working hours or entering and exiting official
p.000805: premises, provided that the employee has given express consent to such processing of biometric data in accordance with the provisions of the General Data Protection Regulation.
p.000805: Article 24
p.000805: (1) The provisions of this Act on the processing of biometric data shall apply to respondents in the Republic of Croatia if the processing is carried out by:
p.000805: - Head of processing with business establishment in the Republic of Croatia or providing services in the Republic of Croatia
p.000805: - public authority.
p.000805: (2) The provisions of this Act on the processing of biometric data shall not affect the obligation to carry out an impact assessment in accordance with Article 35 of the General Decree on
p.000805: data protection.
p.000805: (3) The provisions of this Act on the processing of biometric data shall not apply to the fields of defense, national security and security,
p.000805: intelligence system.
p.000805: Processing of personal data by video surveillance
p.000805: Article 25
p.000805: (1) Video surveillance within the meaning of the provisions of this Act refers to the collection and further processing of personal data, which includes the creation of a recording
p.000805: which makes or is intended to form part of a storage system.
p.000805: (2) Unless otherwise stipulated by another law, the provisions of this shall apply to the processing of personal data through video surveillance systems.
p.000805: Act.
p.000805: Article 26
p.000805: (1) The processing of personal data through video surveillance may only be carried out for the purpose necessary and justified for the protection of persons and property, if not
p.000805: the interests of respondents who are opposed to the processing of data via video surveillance prevail.
p.000805: (2) Video surveillance may include rooms, parts of rooms, the exterior surface of the building, as well as the interior space in public
p.000805: traffic, and the supervision of which is necessary to achieve the purpose referred to in paragraph 1 of this Article.
p.000805: Article 27
p.000805: (1) The processing manager or the processing executor is obliged to indicate that the object or individual room in it and the exterior surface of the object are under
p.000805: video surveillance, and the tag should be visible at the latest when entering the recording perimeter.
p.000805: (2) The notification referred to in paragraph 1 of this Article must contain all relevant information in accordance with the provisions of Article 13 of the General Data Protection Regulation, and
p.000805: a particularly simple and easy-to-understand image with text that provides respondents with the following information:
p.000805: - the space is under video surveillance
p.000805: - information about the processing manager
p.000805: - contact information through which the respondent can exercise his rights.
p.000805: Article 28
p.000805: (1) The right of access to personal data collected through video surveillance is vested in the responsible person of the processing manager or the processing executor and / or
p.000805: the person he authorizes.
p.000805: (2) Persons referred to in paragraph 1 of this Article may not use video recordings from the video surveillance system contrary to the purpose specified in Article 26, paragraph 1 of this
p.000805: Act.
...
p.000805: the conditions laid down by the regulations governing occupational safety have been fulfilled and if the employees were adequately informed in advance of such
p.000805: measures, and if the employer informed the employees before making the decision to set up a video surveillance system.
p.000805: (2) Video surveillance of work premises shall not include rest rooms, personal hygiene and changing rooms.
p.000805: Video surveillance of residential buildings
p.000805: Article 31
p.000805: (1) The establishment of video surveillance in residential or commercial-residential buildings requires the consent of co-owners of at least 2/3
p.000805: co-ownership parts.
p.000805: (2) Video surveillance may cover only access to entrances and exits of residential buildings and common rooms in residential buildings.
p.000805: (3) It is prohibited to use video surveillance to monitor the performance of janitors, cleaners and other persons working in an apartment building.
p.000805: Video surveillance of public areas
p.000805: Article 32
p.000805: (1) Monitoring of public areas through video surveillance is allowed only to bodies of public authority, legal persons with public authority and legal entities.
p.000805: to persons performing public service only if prescribed by law, if necessary for the performance of the tasks and tasks of public authorities or for the protection
p.000805: the life and health of the people of that property.
p.000805: (2) The provisions of this Article shall not preclude the application of Article 35 of the General Data Protection Regulation to the systematic monitoring of a publicly accessible area in
p.000805: largely.
p.000805: Processing of personal data for statistical purposes
p.000805: Article 33
p.000805: (1) In the framework of the processing of personal data for the purpose of producing official statistics in accordance with specific regulations in the field of official statistics, the bodies
p.000805: which produce official statistics are not obliged to provide respondents with the right of access to personal data, the right to correct personal data, the right to
p.000805: restriction of the processing of personal data or the right to object to the processing of personal data in order to ensure the conditions necessary for the achievement of the purpose
p.000805: official statistics to the extent that such rights are likely to be precluded or seriously jeopardized and, where such rights are attained,
p.000805: derogations necessary to achieve these purposes.
p.000805: (2) Bodies responsible for producing official statistics shall apply the technical and organizational measures for the protection of data collected for
p.000805: official statistics needs.
p.000805: (3) Managers of the processing of personal data are not obliged to inform bodies responsible for official statistics when transferring personal data
p.000805: respondents on the transfer of personal data for statistical purposes.
p.000805: (4) The processing of personal data for statistical purposes is considered to be in line with the purpose for which the data were collected, provided that they are undertaken
p.000805: appropriate safeguards.
...
Social / Trade Union Membership
Searching for indicator union:
(return to top)
p.000805: - publish individual decisions in accordance with Articles 18 and 48 of this Law on the Agency's web pages
p.000805: - initiates and conducts appropriate actions against responsible persons for violation of the General Data Protection Regulation and this Law
p.000805: - performs the tasks of an independent oversight body to monitor the application of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on
p.000805: the protection of individuals with regard to the processing of personal data by competent authorities for the purpose of preventing, investigating, detecting or prosecuting criminal offenses or
p.000805: the enforcement of criminal sanctions and the free movement of such data and the repeal of Council Framework Decision 2008/977 / JHA, unless
p.000805: special regulations do not specify otherwise
p.000805: - performs other legally prescribed tasks.
p.000805: (2) If the Agency questions the validity of the European Commission's implementing decision on adequacy and standard contractual clauses, it shall suspend
p.000805: will administrative proceedings and transfer the case to the High Administrative Court of the Republic of Croatia for the administrative matter.
p.000805: (3) In the procedure referred to in paragraph 2 of this Article, the High Administrative Court of the Republic of Croatia, if it considers that the decision of the European Commission is not valid,
p.000805: will apply for a review of the validity of the present decision to the Court of Justice of the European Union in accordance with Article 267 of the Treaty on the Functioning of the European Union.
p.000805: (4) The Agency shall supervise the implementation of this Act.
p.000805: III. AGENCY FOR PERSONAL DATA PROTECTION
p.000805: Managing the Agency
p.000805: Article 7
p.000805: (1) The work of the Agency shall be managed by the Director (hereinafter: the Director).
p.000805: (2) The director has a deputy.
p.000805: (3) The Director and Deputy Director shall be appointed by the Croatian Parliament at the proposal of the Government of the Republic of Croatia, based on a public invitation for delivery.
p.000805: candidacy.
p.000805: (4) The director and the deputy director shall be appointed for a term of four years and may be appointed to this position no more than twice.
p.000805: (5) The central state administration body competent for the state administration system shall announce a public invitation for submission of candidatures for the director and the deputy
p.000805: of the Director no later than six months before the expiry of the term of office of the Director and Deputy Director, or 30 days after the termination of office at the latest
p.000805: the term of office ceased before the expiration of his term of office. The central state administration body shall submit the competent state administration system to the Government of the Republic of Croatia
p.000805: nominations submitted, indicating the candidates who submitted timely and complete candidacy.
p.000805: (6) The Government of the Republic of Croatia shall determine the proposal of the candidate for director or deputy director and submit it to the Croatian Parliament.
p.000805: (7) In the event of termination of the Director's term of office, before the expiration of the term for which the Director has been appointed, the Deputy Director shall act until
p.000805: appointing a director in a procedure initiated pursuant to paragraph 5 of this Article, for a maximum of six months.
...
Social / employees
Searching for indicator employees:
(return to top)
p.000805: - has not been convicted and is not being prosecuted for the offenses for which the proceedings are instituted ex officio
p.000805: - not a member of a political party.
p.000805: (2) The provisions of the regulations governing the obligations and rights of state officials and regulations governing the application of the Director and Deputy Director shall apply to the Director.
p.000805: regulates conflict of interest prevention.
p.000805: (3) The coefficient for calculating the salary of the Director is 5.50.
p.000805: (4) The coefficient for calculating the salary of the Deputy Director is 4.26.
p.000805: Dismissal of the Director and Deputy Director
p.000805: Article 9
p.000805: (1) The Croatian Parliament shall dismiss the duties of the Director and the Deputy Director before the expiration of the term for which he was elected:
p.000805: - if he asks for it himself
p.000805: - if circumstances no longer qualify for election arise
p.000805: - if he committed a serious breach of duty. A director or a deputy director is considered to have committed a serious breach of duty if he or she does not perform
p.000805: duty in accordance with law.
p.000805: (2) The procedure for dismissal of the Director and the Deputy Director shall be initiated at the proposal of the Government of the Republic of Croatia.
p.000805: Expert service
p.000805: Article 10
p.000805: (1) The Agency shall have a professional service.
p.000805: (2) The provisions of the regulations governing the rights and obligations of civil servants shall apply to employees of the Agency's professional service.
p.000805: (3) The manner of work, the manner of planning and carrying out the affairs, the internal organization and other matters important for the performance of the Agency's activities shall be regulated.
p.000805: Rules of Procedure of the Agency issued by the Director.
p.000805: (4) The Agency's Rules of Procedure shall be approved by the Croatian Parliament. The Ordinance shall be published in the Official Gazette.
p.000805: (5) A decree laying down the principles governing the internal organization of the body shall be appropriately applied to the internal organization of the Agency's professional service.
p.000805: state administration, in the part related to state administrative organizations.
p.000805: (6) The Director shall adopt the Ordinance on the Internal Order, which regulates the number of civil servants required to perform their jobs indicating their status.
p.000805: basic tasks and tasks, and the professional conditions necessary for their performance, their powers and responsibilities, and other issues of relevance to the work
p.000805: Agencies.
p.000805: Article 11
p.000805: The director, deputy director and officers of the Agency may not perform the duties of data protection officer for another manager or executor
p.000805: Release.
p.000805: Article 12
p.000805: (1) The director, the deputy director and the officers of the Agency who carry out the supervision activities shall have an official ID card proving their official identity.
p.000805: trait, identity and authority.
p.000805: (2) The form and content of the official identity card shall be determined by the Rules of Procedure referred to in Article 10 of this Act.
p.000805: Article 13
p.000805: (1) The director, deputy director and employees of the Agency shall be bound by professional secrecy or other appropriate type of secret, in accordance with
p.000805: the law governing the confidentiality of information, to safeguard all personal and other confidential information they learn in the performance of their duties.
p.000805: (2) The obligation referred to in paragraph 1 of this Article shall continue after the termination of the duties of the director, deputy director, or after the termination of service
p.000805: in the Agency.
p.000805: Cooperation with state administration bodies and other bodies
p.000805: Article 14
p.000805: Central state administration bodies and other state bodies are obliged to submit draft laws and other regulations to the Agency.
p.000805: regulate issues related to the processing of personal data for the purpose of giving expert opinions in relation to the field of personal data protection.
p.000805: Collaboration with data protection supervisory authorities of other countries
p.000805: Article 15
p.000805: (1) Representatives of the visiting supervisory authority shall have the power to conduct joint operations, including investigations and joint enforcement measures, in
p.000805: in accordance with the provisions of this Act and the General Data Protection Regulation.
p.000805: (2) By agreement between the Agency and the Visiting Supervisory Body, the Agency shall authorize the representatives of the Visiting Supervisory Body to monitor and
p.000805: participate in the conduct of surveillance activities in accordance with Article 62 of the General Data Protection Regulation.
...
p.000805: - number of approved contractual clauses and provisions of administrative arrangements in accordance with Article 46 (3) of the General Data Protection Regulation
p.000805: - number and type of violations identified, issued warnings, official warnings and imposed administrative fines and other types of measures taken
p.000805: in accordance with Article 58 (2) of the General Data Protection Regulation
p.000805: - Number and description of international treaties, laws and regulations to which he / she gave an opinion regarding the area of personal data protection, with
p.000805: indication of when the opinion was given at the request of the competent authority and when ex officio
p.000805: - a description of activities within the European Data Protection Board and other umbrella organizations in the field of personal data protection
p.000805: - description of cooperation activities with state and other bodies in the Republic of Croatia
p.000805: - a description of the awareness activities of individuals, processing managers, processing executives and other target groups
p.000805: - analysis and evaluation of the exercise of the right to the protection of personal data.
p.000805: (2) The annual report shall also contain information on the realized revenues and expenses for the reporting period for which the report is submitted.
p.000805: on the number of employees and the structure of employees by qualifications.
p.000805: (3) The annual report shall be published on the Agency's website.
p.000805: Publication of the Agency's opinions and decisions
p.000805: Article 18
p.000805: (1) Agency decisions and opinions regarding the types of processing that, given the nature, extent, context and purpose of processing, may cause
p.000805: high risk to the rights and freedoms of individuals are published on the Agency's website.
p.000805: (2) The opinions and decisions referred to in paragraph 1 of this Article shall be anonymised or pseudonymized.
p.000805: (3) By way of derogation from paragraph 2 of this Article, where the opinions and decisions of the Agency referred to in paragraph 1 of this Article refer to minors,
p.000805: the technique of anonymizing information relating to them to ensure a high level of protection of their privacy.
p.000805: IV. PERSONAL DATA PROCESSING IN SPECIAL CASES
p.000805: Child consent in relation to information society services
p.000805: Article 19
p.000805: (1) In applying Article 6 (1) (a) of the General Data Protection Regulation, in relation to the provision of information society services directly to a child,
p.000805: the processing of personal data of a child is legal if the child is at least 16 years old.
p.000805: (2) The provision of paragraph 1 of this Article shall apply to a child whose place of residence is in the Republic of Croatia.
...
p.000805: Biometric data processing
p.000805: Article 21
p.000805: (1) The processing of biometric data in public authorities may only be carried out if it is specified by law and if it is necessary for the protection of persons,
p.000805: property, classified information or trade secrets, taking into account that the interests of respondents who are contrary to the processing do not prevail
p.000805: biometric data from this article.
p.000805: (2) The processing of biometric data shall be deemed to be in accordance with the law if it is necessary to fulfill the obligations of international treaties in
p.000805: related to identifying an individual in crossing a state border.
p.000805: Article 22
p.000805: (1) The processing of biometric data in the private sector can only be carried out if it is prescribed by law or if it is necessary for the protection of persons,
p.000805: property, classified information, trade secrets or to individually and securely identify users of the services, taking into account that they do not prevail
p.000805: the interests of respondents who are contrary to the processing of biometric data from this article.
p.000805: (2) The legal basis for processing biometric data of respondents for the purpose of secure identification of users of services is the express consent of such respondent
p.000805: given in accordance with the provisions of the General Data Protection Regulation.
p.000805: Article 23
p.000805: It is allowed to process biometric data of employees for the purpose of recording working hours and for entering and leaving official premises, if
p.000805: is required by law or if such processing is carried out as an alternative to another solution for recording working hours or entering and exiting official
p.000805: premises, provided that the employee has given express consent to such processing of biometric data in accordance with the provisions of the General Data Protection Regulation.
p.000805: Article 24
p.000805: (1) The provisions of this Act on the processing of biometric data shall apply to respondents in the Republic of Croatia if the processing is carried out by:
p.000805: - Head of processing with business establishment in the Republic of Croatia or providing services in the Republic of Croatia
p.000805: - public authority.
p.000805: (2) The provisions of this Act on the processing of biometric data shall not affect the obligation to carry out an impact assessment in accordance with Article 35 of the General Decree on
p.000805: data protection.
p.000805: (3) The provisions of this Act on the processing of biometric data shall not apply to the fields of defense, national security and security,
p.000805: intelligence system.
p.000805: Processing of personal data by video surveillance
p.000805: Article 25
p.000805: (1) Video surveillance within the meaning of the provisions of this Act refers to the collection and further processing of personal data, which includes the creation of a recording
p.000805: which makes or is intended to form part of a storage system.
p.000805: (2) Unless otherwise stipulated by another law, the provisions of this shall apply to the processing of personal data through video surveillance systems.
...
p.000805: - information about the processing manager
p.000805: - contact information through which the respondent can exercise his rights.
p.000805: Article 28
p.000805: (1) The right of access to personal data collected through video surveillance is vested in the responsible person of the processing manager or the processing executor and / or
p.000805: the person he authorizes.
p.000805: (2) Persons referred to in paragraph 1 of this Article may not use video recordings from the video surveillance system contrary to the purpose specified in Article 26, paragraph 1 of this
p.000805: Act.
p.000805: (3) The video surveillance system must be protected from access by unauthorized persons.
p.000805: (4) The processing manager and the processing executor shall establish an automated system of records for recording access to video surveillance recordings, which shall
p.000805: contain the time and place of access, as well as the tag of the persons who accessed the data collected through the video surveillance.
p.000805: (5) The competent state bodies shall have access to the information referred to in paragraph 1 of this Article within the framework of carrying out activities within their scope determined by law.
p.000805: Article 29
p.000805: Recordings obtained through video surveillance can be stored for a maximum of six months, unless otherwise prescribed by law or longer
p.000805: evidence in judicial, administrative, arbitration or other equivalent proceedings.
p.000805: Video surveillance of workrooms
p.000805: Article 30
p.000805: (1) The processing of personal data of employees through video surveillance systems may be carried out only if they are subject to the conditions laid down in this Act
p.000805: the conditions laid down by the regulations governing occupational safety have been fulfilled and if the employees were adequately informed in advance of such
p.000805: measures, and if the employer informed the employees before making the decision to set up a video surveillance system.
p.000805: (2) Video surveillance of work premises shall not include rest rooms, personal hygiene and changing rooms.
p.000805: Video surveillance of residential buildings
p.000805: Article 31
p.000805: (1) The establishment of video surveillance in residential or commercial-residential buildings requires the consent of co-owners of at least 2/3
p.000805: co-ownership parts.
p.000805: (2) Video surveillance may cover only access to entrances and exits of residential buildings and common rooms in residential buildings.
p.000805: (3) It is prohibited to use video surveillance to monitor the performance of janitors, cleaners and other persons working in an apartment building.
p.000805: Video surveillance of public areas
p.000805: Article 32
p.000805: (1) Monitoring of public areas through video surveillance is allowed only to bodies of public authority, legal persons with public authority and legal entities.
p.000805: to persons performing public service only if prescribed by law, if necessary for the performance of the tasks and tasks of public authorities or for the protection
p.000805: the life and health of the people of that property.
p.000805: (2) The provisions of this Article shall not preclude the application of Article 35 of the General Data Protection Regulation to the systematic monitoring of a publicly accessible area in
p.000805: largely.
p.000805: Processing of personal data for statistical purposes
p.000805: Article 33
...
p.000805: VIII. ADMINISTRATIVE FINES
p.000805: Article 51
p.000805: An administrative fine of up to HRK 50,000.00 shall be imposed on:
p.000805: - the processing manager and the processing contractor who do not mark the object, premises, parts of the room and the exterior surface of the facility in the manner prescribed in Article 27.
p.000805: of this Act
p.000805: - processing manager and processing executor who do not establish an automated system of records for recording access to video surveillance recordings, in accordance with
p.000805: Article 28, Paragraph 4 of this Law
p.000805: - persons referred to in Article 28, paragraph 1 of this Act, who use video recordings from the video surveillance system contrary to Article 28, paragraph 2 of this Act.
p.000805: IX. TRANSITIONAL AND FINAL PROVISIONS
p.000805: Article 52
p.000805: (1) On the day this Law enters into force:
p.000805: - Personal Data Protection Agency established by the Law on Personal Data Protection (Official Gazette 103/03, 118/06, 41/08, 130/11 and
p.000805: 106/12. - consolidated text; hereinafter referred to as the Personal Data Protection Agency), as a legal person with public authority, becomes a state body and
p.000805: continues to operate under the same name
p.000805: - The Agency, as a successor of the Personal Data Protection Agency, takes over its affairs, records and other documentation, funds for
p.000805: work, financial resources, rights and obligations, as well as employees
p.000805: - Employees of the Personal Data Protection Agency become civil servants or employees.
p.000805: (2) Until the adoption of the ordinance on the internal order referred to in Article 54 of this Act and the allocation to posts in accordance with the regulations on state
p.000805: employees of the Agency for the Protection of Personal Data continue to perform the activities they were found on the day this Law enters into force.
p.000805: Law and retain all employment rights.
p.000805: Article 53
p.000805: (1) Within eight days from the day this Law enters into force, the central state administration body competent for the state administration system shall initiate
p.000805: the process of appointing a director and a deputy director.
p.000805: (2) A person found in the position of the Director of the Agency for Protection of Personal Data on the day this Law enters into force shall continue to perform
p.000805: the duty of the Director until the appointment of the Director of the Agency in accordance with this Act.
p.000805: Article 54
p.000805: (1) The Director shall, within 60 days from the day of his appointment, submit to the Croatian Parliament for approval the Agency's Rules of Procedure.
p.000805: (2) The Director shall, within 30 days from the entry into force of the Ordinance referred to in paragraph 1 of this Article, adopt the Ordinance on the Internal Order.
p.000805: (3) Until the Agency's Rules of Procedure enter into force, the Statute of the Agency for the Protection of Personal Data shall apply.
p.000805: Article 55
p.000805: Proceedings initiated before the entry into force of this Act shall continue and be completed in accordance with the provisions of the Personal Data Protection Act (
p.000805: Gazette «, no. 103/03., 118/06., 41/08., 130/11. and 106/12. - consolidated text).
p.000805: Termination of regulations
p.000805: Article 56
...
Social / gender
Searching for indicator gender:
(return to top)
p.000805: I hereby promulgate the Law on Implementation of the General Data Protection Regulation, adopted by the Croatian Parliament at its session of 27 April 2018.
p.000805: Class: 011-01 / 18-01 / 48
p.000805: Reg. No: 71-06-01 / 1-18-2
p.000805: Zagreb, May 3, 2018
p.000805: President
p.000805: Of the Republic of Croatia
p.000805: Kolinda Grabar-Kitarović, v. R.
p.000805: LAW
p.000805: ON THE IMPLEMENTATION OF THE GENERAL DATA PROTECTION REGULATION
p.000805: I. GENERAL PROVISIONS
p.000805: The subject of the Act
p.000805: Article 1.
p.000805: (1) This Act provides for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to
p.000805: the processing of personal data and the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation)
p.000805: (Text with EEA relevance) (OJ L 119, 4. 5. 2016) (hereinafter referred to as the General Data Protection Regulation).
p.000805: (2) This Act does not apply to the processing of personal data carried out by competent authorities for the purpose of prevention, investigation, detection or persecution
p.000805: criminal offenses or the enforcement of criminal sanctions, including protection against and prevention of public security threats, as well as in the area of national
p.000805: security and defense.
p.000805: Gender neutrality
p.000805: Article 2
p.000805: Terms used in this Act that have a gender meaning, whether used in masculine or feminine gender, include:
p.000805: the same way male and female.
p.000805: concepts
p.000805: Article 3
p.000805: (1) Terms within the meaning of this Act have the same meaning as those used in the General Data Protection Regulation.
p.000805: (2) "Public authorities" within the meaning of this Act are: state administration bodies and other state bodies, units of local and regional (regional)
p.000805: self.
p.000805: II. COMPETENT AUTHORITIES
p.000805: The supervisory authority
p.000805: Article 4
p.000805: (1) The supervisory authority, within the meaning of Article 51 of the General Data Protection Regulation, is the Personal Data Protection Agency (hereinafter:
p.000805: Agency).
p.000805: (2) The Agency is an independent state body. The Agency is independent and independent in its work and is responsible for its work to the Croatian Parliament.
p.000805: (3) The seat of the Agency shall be in Zagreb.
p.000805: Accreditation body
p.000805: Article 5
p.000805: National accreditation body designated in accordance with Regulation (EC) No 1049/2001 765/2008 of the European Parliament and of the Council of 9 July 2008 o
p.000805: determining the requirements for accreditation and market surveillance in respect of the placing on the market of a product and repealing Regulation (EEC) No. 339/93
p.000805: the competent authority is to accredit certification bodies in accordance with Article 43 (1) of the General Data Protection Regulation.
p.000805: Authority of the Agency
...
Social / philosophical differences/differences of opinion
Searching for indicator opinion:
(return to top)
p.000805: Funds for the work of the Agency are provided in the state budget of the Republic of Croatia.
p.000805: Annual Work Report
p.000805: Article 17
p.000805: (1) The Agency shall submit an annual report on its work to the Croatian Parliament no later than March 31 of the current year for the previous year.
p.000805: The annual report must include:
p.000805: - number of inquiries of respondents and number of complaints
p.000805: - the number of decisions taken on the complaint of the respondents and ex officio, including the number of supervisory activities carried out
p.000805: - number of reports received by the processing manager on the breach of personal data referred to in Article 33 of the General Data Protection Regulation and on surveillance activities
p.000805: conducted on the occasion of such reports
p.000805: - number of prior consultations carried out in accordance with Article 36 of the General Data Protection Regulation
p.000805: - Code of Conduct and Certification actions pursuant to Articles 40 to 43 of the General Data Protection Regulation
p.000805: - number of approved contractual clauses and provisions of administrative arrangements in accordance with Article 46 (3) of the General Data Protection Regulation
p.000805: - number and type of violations identified, issued warnings, official warnings and imposed administrative fines and other types of measures taken
p.000805: in accordance with Article 58 (2) of the General Data Protection Regulation
p.000805: - Number and description of international treaties, laws and regulations to which he / she gave an opinion regarding the area of personal data protection, with
p.000805: indication of when the opinion was given at the request of the competent authority and when ex officio
p.000805: - a description of activities within the European Data Protection Board and other umbrella organizations in the field of personal data protection
p.000805: - description of cooperation activities with state and other bodies in the Republic of Croatia
p.000805: - a description of the awareness activities of individuals, processing managers, processing executives and other target groups
p.000805: - analysis and evaluation of the exercise of the right to the protection of personal data.
p.000805: (2) The annual report shall also contain information on the realized revenues and expenses for the reporting period for which the report is submitted.
p.000805: on the number of employees and the structure of employees by qualifications.
p.000805: (3) The annual report shall be published on the Agency's website.
p.000805: Publication of the Agency's opinions and decisions
p.000805: Article 18
p.000805: (1) Agency decisions and opinions regarding the types of processing that, given the nature, extent, context and purpose of processing, may cause
p.000805: high risk to the rights and freedoms of individuals are published on the Agency's website.
p.000805: (2) The opinions and decisions referred to in paragraph 1 of this Article shall be anonymised or pseudonymized.
p.000805: (3) By way of derogation from paragraph 2 of this Article, where the opinions and decisions of the Agency referred to in paragraph 1 of this Article refer to minors,
...
p.000805: the record that the authorized person will enter into it.
p.000805: (3) If the record referred to in paragraph 1 of this Article has been drawn up after the supervision has been carried out, it shall be forwarded to the supervised person.
p.000805: (4) The supervised person shall have the right to file observations in the minutes referred to in paragraphs 2 and 3 of this Article within 15 days from the date of his receipt.
p.000805: in writing. Within 15 days from the receipt of the objection, the supervised person will be provided with a written response on acceptance or non-acceptance.
p.000805: objections.
p.000805: (5) If the supervised person does not submit objections to the record within the time limit referred to in paragraph 4 of this Article, it shall be considered that it has no objection to it.
p.000805: Representing respondents
p.000805: Article 41
p.000805: Respondent has the right to authorize a non-profit body, organization or association established in accordance with the law, which states the goals
p.000805: is of public interest and is active in the field of the protection of the rights and freedoms of respondents with regard to the protection of their personal data, to file a complaint in
p.000805: to exercise on his behalf and to exercise on his behalf the rights referred to in Articles 77, 78 and 79 of the General Data Protection Regulation and the right to compensation referred to in Article 82 of the General Regulation on
p.000805: data protection.
p.000805: Giving expert opinions
p.000805: Article 42
p.000805: (1) At the written request of a natural or legal person, the Agency shall give an expert opinion in the field of personal data protection, not later than 30 days from
p.000805: days of submission, depending on the complexity of the application.
p.000805: (2) If it is necessary to involve other bodies at home or abroad when giving expert opinion for the purpose of obtaining data or information
p.000805: relevant for expert opinion, the deadline for giving the opinion referred to in paragraph 1 of this Article may be extended by another 30 days.
p.000805: Fee for acting on request
p.000805: Article 43
p.000805: (1) The performance of the Agency's tasks shall be carried out without charge in respect of respondents, personal data protection officers, journalists and public authorities.
p.000805: (2) The Agency will charge a reasonable fee based on administrative costs or refuse to act on the request if the respondent's requests are clearly
p.000805: unfounded or excessive, and especially because of their frequency.
p.000805: (3) The Agency shall charge a fee for giving opinions to business entities (law firms, consultants, etc.) that are business
p.000805: subjects requested for the purpose of carrying out their regular business or providing services.
p.000805: (4) The criteria for determining the amount of compensation referred to in paragraphs 2 and 3 of this Article shall be laid down by the Agency. The criteria shall be published in the Official Gazette and on
p.000805: the Agency's website.
p.000805: (5) The amount of compensation referred to in paragraphs 2 and 3 of this Article shall be paid in favor of the state budget.
p.000805: YOU. EXPRESSION OF ADMINISTRATIVE FINES
p.000805: Article 44
p.000805: (1) The Agency shall impose administrative fines for violations of the provisions of this Act and the General Data Protection Regulation, in accordance with Article 83 of the General Regulation
p.000805: on data protection.
p.000805: (2) If an administrative fine is imposed against a legal person with public authority or against a legal person performing public service, pronounced
...
General/Other / Relationship to Authority
Searching for indicator authority:
(return to top)
p.000805: the processing of personal data and the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation)
p.000805: (Text with EEA relevance) (OJ L 119, 4. 5. 2016) (hereinafter referred to as the General Data Protection Regulation).
p.000805: (2) This Act does not apply to the processing of personal data carried out by competent authorities for the purpose of prevention, investigation, detection or persecution
p.000805: criminal offenses or the enforcement of criminal sanctions, including protection against and prevention of public security threats, as well as in the area of national
p.000805: security and defense.
p.000805: Gender neutrality
p.000805: Article 2
p.000805: Terms used in this Act that have a gender meaning, whether used in masculine or feminine gender, include:
p.000805: the same way male and female.
p.000805: concepts
p.000805: Article 3
p.000805: (1) Terms within the meaning of this Act have the same meaning as those used in the General Data Protection Regulation.
p.000805: (2) "Public authorities" within the meaning of this Act are: state administration bodies and other state bodies, units of local and regional (regional)
p.000805: self.
p.000805: II. COMPETENT AUTHORITIES
p.000805: The supervisory authority
p.000805: Article 4
p.000805: (1) The supervisory authority, within the meaning of Article 51 of the General Data Protection Regulation, is the Personal Data Protection Agency (hereinafter:
p.000805: Agency).
p.000805: (2) The Agency is an independent state body. The Agency is independent and independent in its work and is responsible for its work to the Croatian Parliament.
p.000805: (3) The seat of the Agency shall be in Zagreb.
p.000805: Accreditation body
p.000805: Article 5
p.000805: National accreditation body designated in accordance with Regulation (EC) No 1049/2001 765/2008 of the European Parliament and of the Council of 9 July 2008 o
p.000805: determining the requirements for accreditation and market surveillance in respect of the placing on the market of a product and repealing Regulation (EEC) No. 339/93
p.000805: the competent authority is to accredit certification bodies in accordance with Article 43 (1) of the General Data Protection Regulation.
p.000805: Authority of the Agency
p.000805: Article 6
p.000805: (1) In addition to the powers set out in the General Data Protection Regulation, the Agency shall perform the following tasks:
p.000805: - when prescribed by a special law, may institute and have the right to participate in criminal, misdemeanor, administrative and other judicial and
p.000805: out-of-court proceedings for breach of the General Data Protection Regulation and this Act
p.000805: - adopts the Criteria for determining the amount of compensation for administrative costs referred to in Article 43, paragraph 2 of this Law and the Criteria for determining the amount
p.000805: fees referred to in Article 43, paragraph 3 of this Act
p.000805: - publish individual decisions in accordance with Articles 18 and 48 of this Law on the Agency's web pages
p.000805: - initiates and conducts appropriate actions against responsible persons for violation of the General Data Protection Regulation and this Law
p.000805: - performs the tasks of an independent oversight body to monitor the application of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on
p.000805: the protection of individuals with regard to the processing of personal data by competent authorities for the purpose of preventing, investigating, detecting or prosecuting criminal offenses or
p.000805: the enforcement of criminal sanctions and the free movement of such data and the repeal of Council Framework Decision 2008/977 / JHA, unless
p.000805: special regulations do not specify otherwise
...
p.000805: (2) The provisions of the regulations governing the rights and obligations of civil servants shall apply to employees of the Agency's professional service.
p.000805: (3) The manner of work, the manner of planning and carrying out the affairs, the internal organization and other matters important for the performance of the Agency's activities shall be regulated.
p.000805: Rules of Procedure of the Agency issued by the Director.
p.000805: (4) The Agency's Rules of Procedure shall be approved by the Croatian Parliament. The Ordinance shall be published in the Official Gazette.
p.000805: (5) A decree laying down the principles governing the internal organization of the body shall be appropriately applied to the internal organization of the Agency's professional service.
p.000805: state administration, in the part related to state administrative organizations.
p.000805: (6) The Director shall adopt the Ordinance on the Internal Order, which regulates the number of civil servants required to perform their jobs indicating their status.
p.000805: basic tasks and tasks, and the professional conditions necessary for their performance, their powers and responsibilities, and other issues of relevance to the work
p.000805: Agencies.
p.000805: Article 11
p.000805: The director, deputy director and officers of the Agency may not perform the duties of data protection officer for another manager or executor
p.000805: Release.
p.000805: Article 12
p.000805: (1) The director, the deputy director and the officers of the Agency who carry out the supervision activities shall have an official ID card proving their official identity.
p.000805: trait, identity and authority.
p.000805: (2) The form and content of the official identity card shall be determined by the Rules of Procedure referred to in Article 10 of this Act.
p.000805: Article 13
p.000805: (1) The director, deputy director and employees of the Agency shall be bound by professional secrecy or other appropriate type of secret, in accordance with
p.000805: the law governing the confidentiality of information, to safeguard all personal and other confidential information they learn in the performance of their duties.
p.000805: (2) The obligation referred to in paragraph 1 of this Article shall continue after the termination of the duties of the director, deputy director, or after the termination of service
p.000805: in the Agency.
p.000805: Cooperation with state administration bodies and other bodies
p.000805: Article 14
p.000805: Central state administration bodies and other state bodies are obliged to submit draft laws and other regulations to the Agency.
p.000805: regulate issues related to the processing of personal data for the purpose of giving expert opinions in relation to the field of personal data protection.
p.000805: Collaboration with data protection supervisory authorities of other countries
p.000805: Article 15
p.000805: (1) Representatives of the visiting supervisory authority shall have the power to conduct joint operations, including investigations and joint enforcement measures, in
p.000805: in accordance with the provisions of this Act and the General Data Protection Regulation.
p.000805: (2) By agreement between the Agency and the Visiting Supervisory Body, the Agency shall authorize the representatives of the Visiting Supervisory Body to monitor and
p.000805: participate in the conduct of surveillance activities in accordance with Article 62 of the General Data Protection Regulation.
p.000805: (3) The agreement referred to in paragraph 2 of this Article shall establish the investigative powers referred to in Article 58 (1) of the General Data Protection Regulation to be granted.
p.000805: the visiting supervisory authority and the personal name and position of the representative of the visiting supervisory authority to participate in the joint operation.
p.000805: (4) When representatives of the visiting supervisory authority participate in joint operations in the territory of the Republic of Croatia, the processing manager, the executor
p.000805: the processing and the respondent and all other parties directly involved in the specific action must be aware that before the joint operation begins
p.000805: The operation is also attended by representatives of the visiting supervisory authority.
p.000805: Funds for the Agency's work
p.000805: Article 16
p.000805: Funds for the work of the Agency are provided in the state budget of the Republic of Croatia.
p.000805: Annual Work Report
p.000805: Article 17
p.000805: (1) The Agency shall submit an annual report on its work to the Croatian Parliament no later than March 31 of the current year for the previous year.
p.000805: The annual report must include:
p.000805: - number of inquiries of respondents and number of complaints
p.000805: - the number of decisions taken on the complaint of the respondents and ex officio, including the number of supervisory activities carried out
p.000805: - number of reports received by the processing manager on the breach of personal data referred to in Article 33 of the General Data Protection Regulation and on surveillance activities
p.000805: conducted on the occasion of such reports
p.000805: - number of prior consultations carried out in accordance with Article 36 of the General Data Protection Regulation
p.000805: - Code of Conduct and Certification actions pursuant to Articles 40 to 43 of the General Data Protection Regulation
p.000805: - number of approved contractual clauses and provisions of administrative arrangements in accordance with Article 46 (3) of the General Data Protection Regulation
p.000805: - number and type of violations identified, issued warnings, official warnings and imposed administrative fines and other types of measures taken
p.000805: in accordance with Article 58 (2) of the General Data Protection Regulation
p.000805: - Number and description of international treaties, laws and regulations to which he / she gave an opinion regarding the area of personal data protection, with
p.000805: indication of when the opinion was given at the request of the competent authority and when ex officio
p.000805: - a description of activities within the European Data Protection Board and other umbrella organizations in the field of personal data protection
p.000805: - description of cooperation activities with state and other bodies in the Republic of Croatia
p.000805: - a description of the awareness activities of individuals, processing managers, processing executives and other target groups
p.000805: - analysis and evaluation of the exercise of the right to the protection of personal data.
p.000805: (2) The annual report shall also contain information on the realized revenues and expenses for the reporting period for which the report is submitted.
p.000805: on the number of employees and the structure of employees by qualifications.
p.000805: (3) The annual report shall be published on the Agency's website.
p.000805: Publication of the Agency's opinions and decisions
p.000805: Article 18
p.000805: (1) Agency decisions and opinions regarding the types of processing that, given the nature, extent, context and purpose of processing, may cause
p.000805: high risk to the rights and freedoms of individuals are published on the Agency's website.
p.000805: (2) The opinions and decisions referred to in paragraph 1 of this Article shall be anonymised or pseudonymized.
p.000805: (3) By way of derogation from paragraph 2 of this Article, where the opinions and decisions of the Agency referred to in paragraph 1 of this Article refer to minors,
...
p.000805: property, classified information, trade secrets or to individually and securely identify users of the services, taking into account that they do not prevail
p.000805: the interests of respondents who are contrary to the processing of biometric data from this article.
p.000805: (2) The legal basis for processing biometric data of respondents for the purpose of secure identification of users of services is the express consent of such respondent
p.000805: given in accordance with the provisions of the General Data Protection Regulation.
p.000805: Article 23
p.000805: It is allowed to process biometric data of employees for the purpose of recording working hours and for entering and leaving official premises, if
p.000805: is required by law or if such processing is carried out as an alternative to another solution for recording working hours or entering and exiting official
p.000805: premises, provided that the employee has given express consent to such processing of biometric data in accordance with the provisions of the General Data Protection Regulation.
p.000805: Article 24
p.000805: (1) The provisions of this Act on the processing of biometric data shall apply to respondents in the Republic of Croatia if the processing is carried out by:
p.000805: - Head of processing with business establishment in the Republic of Croatia or providing services in the Republic of Croatia
p.000805: - public authority.
p.000805: (2) The provisions of this Act on the processing of biometric data shall not affect the obligation to carry out an impact assessment in accordance with Article 35 of the General Decree on
p.000805: data protection.
p.000805: (3) The provisions of this Act on the processing of biometric data shall not apply to the fields of defense, national security and security,
p.000805: intelligence system.
p.000805: Processing of personal data by video surveillance
p.000805: Article 25
p.000805: (1) Video surveillance within the meaning of the provisions of this Act refers to the collection and further processing of personal data, which includes the creation of a recording
p.000805: which makes or is intended to form part of a storage system.
p.000805: (2) Unless otherwise stipulated by another law, the provisions of this shall apply to the processing of personal data through video surveillance systems.
p.000805: Act.
p.000805: Article 26
p.000805: (1) The processing of personal data through video surveillance may only be carried out for the purpose necessary and justified for the protection of persons and property, if not
p.000805: the interests of respondents who are opposed to the processing of data via video surveillance prevail.
p.000805: (2) Video surveillance may include rooms, parts of rooms, the exterior surface of the building, as well as the interior space in public
p.000805: traffic, and the supervision of which is necessary to achieve the purpose referred to in paragraph 1 of this Article.
p.000805: Article 27
p.000805: (1) The processing manager or the processing executor is obliged to indicate that the object or individual room in it and the exterior surface of the object are under
...
p.000805: evidence in judicial, administrative, arbitration or other equivalent proceedings.
p.000805: Video surveillance of workrooms
p.000805: Article 30
p.000805: (1) The processing of personal data of employees through video surveillance systems may be carried out only if they are subject to the conditions laid down in this Act
p.000805: the conditions laid down by the regulations governing occupational safety have been fulfilled and if the employees were adequately informed in advance of such
p.000805: measures, and if the employer informed the employees before making the decision to set up a video surveillance system.
p.000805: (2) Video surveillance of work premises shall not include rest rooms, personal hygiene and changing rooms.
p.000805: Video surveillance of residential buildings
p.000805: Article 31
p.000805: (1) The establishment of video surveillance in residential or commercial-residential buildings requires the consent of co-owners of at least 2/3
p.000805: co-ownership parts.
p.000805: (2) Video surveillance may cover only access to entrances and exits of residential buildings and common rooms in residential buildings.
p.000805: (3) It is prohibited to use video surveillance to monitor the performance of janitors, cleaners and other persons working in an apartment building.
p.000805: Video surveillance of public areas
p.000805: Article 32
p.000805: (1) Monitoring of public areas through video surveillance is allowed only to bodies of public authority, legal persons with public authority and legal entities.
p.000805: to persons performing public service only if prescribed by law, if necessary for the performance of the tasks and tasks of public authorities or for the protection
p.000805: the life and health of the people of that property.
p.000805: (2) The provisions of this Article shall not preclude the application of Article 35 of the General Data Protection Regulation to the systematic monitoring of a publicly accessible area in
p.000805: largely.
p.000805: Processing of personal data for statistical purposes
p.000805: Article 33
p.000805: (1) In the framework of the processing of personal data for the purpose of producing official statistics in accordance with specific regulations in the field of official statistics, the bodies
p.000805: which produce official statistics are not obliged to provide respondents with the right of access to personal data, the right to correct personal data, the right to
p.000805: restriction of the processing of personal data or the right to object to the processing of personal data in order to ensure the conditions necessary for the achievement of the purpose
p.000805: official statistics to the extent that such rights are likely to be precluded or seriously jeopardized and, where such rights are attained,
p.000805: derogations necessary to achieve these purposes.
p.000805: (2) Bodies responsible for producing official statistics shall apply the technical and organizational measures for the protection of data collected for
p.000805: official statistics needs.
...
p.000805: Fee for acting on request
p.000805: Article 43
p.000805: (1) The performance of the Agency's tasks shall be carried out without charge in respect of respondents, personal data protection officers, journalists and public authorities.
p.000805: (2) The Agency will charge a reasonable fee based on administrative costs or refuse to act on the request if the respondent's requests are clearly
p.000805: unfounded or excessive, and especially because of their frequency.
p.000805: (3) The Agency shall charge a fee for giving opinions to business entities (law firms, consultants, etc.) that are business
p.000805: subjects requested for the purpose of carrying out their regular business or providing services.
p.000805: (4) The criteria for determining the amount of compensation referred to in paragraphs 2 and 3 of this Article shall be laid down by the Agency. The criteria shall be published in the Official Gazette and on
p.000805: the Agency's website.
p.000805: (5) The amount of compensation referred to in paragraphs 2 and 3 of this Article shall be paid in favor of the state budget.
p.000805: YOU. EXPRESSION OF ADMINISTRATIVE FINES
p.000805: Article 44
p.000805: (1) The Agency shall impose administrative fines for violations of the provisions of this Act and the General Data Protection Regulation, in accordance with Article 83 of the General Regulation
p.000805: on data protection.
p.000805: (2) If an administrative fine is imposed against a legal person with public authority or against a legal person performing public service, pronounced
p.000805: the administrative fine shall not jeopardize the exercise of such public authority or public service.
p.000805: Article 45
p.000805: (1) Administrative fines shall be imposed by decision.
p.000805: (2) The decision referred to in paragraph 1 of this Article shall determine the amount and manner of payment of the administrative fine. The decision may determine that the administrative money
p.000805: the penalty is paid in installments.
p.000805: (3) Where, in accordance with Article 83 of the General Regulation, administrative fines are imposed in addition to the measures referred to in Article 58 (2) (a) to (h) and (j) of the General
p.000805: of the decree, the decision on the administrative fine is made upon the validity of the decision imposing the measure.
p.000805: (4) No appeal shall be allowed against the decision referred to in paragraph 1 of this Article, but an administrative dispute may be instituted before the competent administrative court.
p.000805: (5) The criteria for installment repayment and conditions for termination of installment repayment of the administrative fine shall be determined by the Agency according to the amount of the administrative fine.
p.000805: The criteria shall be published in the Official Gazette and on the Agency's website.
p.000805: Article 46
p.000805: (1) An administrative fine shall be paid within 15 days from the date of the final decision rendering it.
p.000805: (2) If the party fails to pay the administrative fine within the prescribed period or upon maturity of the last installment if installment payment is approved,
p.000805: The Agency shall inform the Regional Office of the Tax Administration of the Ministry of Finance in the territory of which it is domiciled or the seat of the party to which it is
p.000805: imposed administrative fine, for the purpose of collecting administrative fine by compulsory payment under the regulations on compulsory tax collection.
p.000805: (3) Administrative fines shall be paid in favor of the state budget.
p.000805: (4) By way of derogation from paragraph 2 of this Article, no interest shall be charged on the overdue and unpaid administrative fine.
p.000805: Exclusion of administrative fines
p.000805: to public authorities
p.000805: Article 47
p.000805: Without prejudice to the exercise of the Agency's powers set out in the provision of Article 58 of the General Data Protection Regulation in the proceedings conducted
p.000805: an administrative fine may not be imposed on a public authority against a public authority for violations of this Act or the General Data Protection Regulation.
p.000805: Article 48
p.000805: The final decision shall be published on the Agency's website without anonymizing the perpetrator, if the decision determines
p.000805: violations of this Act or of the General Data Protection Regulation in relation to the processing of personal data of minors, special categories of personal data,
p.000805: automated individual decision-making, profiling, if the violation was committed by the processing manager or the processing performer who had already violated
p.000805: provisions of this Act or of the General Data Protection Regulation or if a decision has been taken on an administrative fine in the amount of
p.000805: at least HRK 100,000.00 which has become final.
p.000805: The limitation period for executing an administrative fine
p.000805: Article 49
p.000805: (1) The statute of limitations on the right to collect administrative fines shall be governed by the provisions of the general law governing the tax procedure.
p.000805: (2) The statute of limitations begins to run from the day the decision becomes final.
p.000805: (3) During the period of installment repayment, the administrative fine shall not run.
p.000805: VII. INFRINGEMENTAL PROVISIONS
p.000805: Article 50
p.000805: (1) A fine for an offense in the amount of HRK 5000.00 to HRK 50,000.00 shall be imposed on:
p.000805: - a person acting as the Director and Deputy Director of the Agency if he discloses to the unauthorized person confidential information which he has learned in
p.000805: performing their duties in accordance with Article 13 of this Law
p.000805: - an official of the Agency who discloses to an unauthorized person confidential information which he has learned in the performance of his duties in accordance with Article 13.
p.000805: of this Act.
p.000805: (2) The authorized prosecutor for the offense referred to in this Article shall be the Attorney General.
p.000805: VIII. ADMINISTRATIVE FINES
p.000805: Article 51
p.000805: An administrative fine of up to HRK 50,000.00 shall be imposed on:
p.000805: - the processing manager and the processing contractor who do not mark the object, premises, parts of the room and the exterior surface of the facility in the manner prescribed in Article 27.
p.000805: of this Act
p.000805: - processing manager and processing executor who do not establish an automated system of records for recording access to video surveillance recordings, in accordance with
p.000805: Article 28, Paragraph 4 of this Law
p.000805: - persons referred to in Article 28, paragraph 1 of this Act, who use video recordings from the video surveillance system contrary to Article 28, paragraph 2 of this Act.
p.000805: IX. TRANSITIONAL AND FINAL PROVISIONS
p.000805: Article 52
p.000805: (1) On the day this Law enters into force:
p.000805: - Personal Data Protection Agency established by the Law on Personal Data Protection (Official Gazette 103/03, 118/06, 41/08, 130/11 and
p.000805: 106/12. - consolidated text; hereinafter referred to as the Personal Data Protection Agency), as a legal person with public authority, becomes a state body and
p.000805: continues to operate under the same name
p.000805: - The Agency, as a successor of the Personal Data Protection Agency, takes over its affairs, records and other documentation, funds for
p.000805: work, financial resources, rights and obligations, as well as employees
p.000805: - Employees of the Personal Data Protection Agency become civil servants or employees.
p.000805: (2) Until the adoption of the ordinance on the internal order referred to in Article 54 of this Act and the allocation to posts in accordance with the regulations on state
p.000805: employees of the Agency for the Protection of Personal Data continue to perform the activities they were found on the day this Law enters into force.
p.000805: Law and retain all employment rights.
p.000805: Article 53
p.000805: (1) Within eight days from the day this Law enters into force, the central state administration body competent for the state administration system shall initiate
p.000805: the process of appointing a director and a deputy director.
p.000805: (2) A person found in the position of the Director of the Agency for Protection of Personal Data on the day this Law enters into force shall continue to perform
p.000805: the duty of the Director until the appointment of the Director of the Agency in accordance with this Act.
p.000805: Article 54
...
Orphaned Trigger Words
p.000805: the process of appointing a director and a deputy director.
p.000805: (2) A person found in the position of the Director of the Agency for Protection of Personal Data on the day this Law enters into force shall continue to perform
p.000805: the duty of the Director until the appointment of the Director of the Agency in accordance with this Act.
p.000805: Article 54
p.000805: (1) The Director shall, within 60 days from the day of his appointment, submit to the Croatian Parliament for approval the Agency's Rules of Procedure.
p.000805: (2) The Director shall, within 30 days from the entry into force of the Ordinance referred to in paragraph 1 of this Article, adopt the Ordinance on the Internal Order.
p.000805: (3) Until the Agency's Rules of Procedure enter into force, the Statute of the Agency for the Protection of Personal Data shall apply.
p.000805: Article 55
p.000805: Proceedings initiated before the entry into force of this Act shall continue and be completed in accordance with the provisions of the Personal Data Protection Act (
p.000805: Gazette «, no. 103/03., 118/06., 41/08., 130/11. and 106/12. - consolidated text).
p.000805: Termination of regulations
p.000805: Article 56
p.000805: With the entry into force of this Act, the Law on Protection of Personal Data (Official Gazette 103/03, 118/06, 41/08, 130/11 and 130/11 and
p.000805: 106/12. - consolidated text), the Decree on the manner of keeping and the form of records on personal data collections (Official Gazette, No. 105/04) and the Decree on the
p.000805: the manner of storage and special measures of technical protection of special categories of personal data (Official Gazette 139/04).
p.000805: Entry into force
p.000805: Article 57
p.000805: This Law shall be published in the Official Gazette and shall enter into force on 25 May 2018.
p.000805: Class: 022-03 / 18-01 / 55
p.000805: Zagreb, 27 April 2018
p.000805: CROATIAN PARLIAMENT
p.000805: President
p.000805: Of the Croatian Parliament
p.000805: Gordan Jandroković, v. R.
...
Appendix
Indicator List
Indicator | Vulnerability |
access | Access to Social Goods |
authority | Relationship to Authority |
child | Child |
criminal | criminal |
employees | employees |
gender | gender |
home | Property Ownership |
officer | Police Officer |
opinion | philosophical differences/differences of opinion |
party | political affiliation |
police | Police Officer |
political | political affiliation |
property | Property Ownership |
prosecuted | Prosecuted |
union | Trade Union Membership |
Indicator Peers (Indicators in Same Vulnerability)
Indicator | Peers |
home | ['property'] |
officer | ['police'] |
party | ['political'] |
police | ['officer'] |
political | ['party'] |
property | ['home'] |
Trigger Words
consent
justice
protection
risk
Applicable Type / Vulnerability / Indicator Overlay for this Input