Skip to main content

The Data Protection Officer (DPO), as defined by the General Data Protection Regulation (GDPR) of the European Union and Article 56 of the Law on Personal Data Protection (Official Gazette of the Republic of Serbia No. 87/2018), is an authorized individual responsible for ensuring compliance with data protection regulations.

Controllers and processors of personal data are obligated to appoint a Data Protection Officer (DPO) in the following situations:

  • When processing is carried out by public authorities, except for processing by courts in the exercise of their judicial powers.
  • When the core activities of the controller or processor involve processing operations that, by their nature, scope, or purposes, require regular and systematic monitoring of data subjects on a large scale.
  • When the core activities of the controller or processor involve processing of special categories of personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation), or data relating to criminal convictions and offences, with the additional condition that processing referred to in this point is carried out on a large scale.

Controllers and processors who are required to appoint a Data Protection Officer and fail to do so commit an offense punishable by law including a fine ranging from 5,000 to 2,000,000 RSD, depending on whether the controller or processor is a legal entity, an entrepreneur, or a natural person, and the responsible individual within the legal entity is also subject to penalty.

The DPO must be an independent individual responsible for ensuring that the organization complies with the Law on Personal Data Protection (LPDP) and GDPR when processing personal data of clients, partners, visitors, employees, and others.

Furthermore, when a group of business entities appoints a common DPO (provided that this individual is equally accessible to each member of the group), it is still ONE natural person, as is the case when controllers or processors, as public authorities or competent authorities, determine that it is appropriate to appoint ONE common DPO, taking into account the organizational structure and size of these public authorities.

All those who appoint a Data Protection Officer, including those not obligated by the LPDP, ARE REQUIRED: 1) to PUBLISH the contact details of the Data Protection Officer and 2) to SUBMIT appointment decision to the Commissioner. Failure to do so constitutes an offense punishable by a fine of 20, 50, or 100,000 RSD, depending on the same criteria as those related to the offense due to failure to appoint a Data Protection Officer.

Your Data Protection Officer (DPO)

Outsourced DPO on Demand

Your choice to delegate the role of Data Protection Officer (DPO) to our consulting team ensures effective legal compliance and streamlines the management of personal data protection. Entrusting this crucial responsibility to a seasoned expert guarantees transparency, aligns processes, reduces operational expenses, and enhances relationships with clients, partners, and staff.

We meticulously tailor our proposals to suit the needs of diverse companies and organizations, considering their organizational structure and data handling requirements. Our aim is to establish a long-term partnership, where we grasp the business environment and culture to seamlessly execute DPO activities without adding pressure to your management.

Why Engage a Data Protection Officer?

Hiring an outsourced Data Protection Officer from DPO SUPPORT offers adaptable, customized assistance for data protection, guidance, and specialized knowledge to your organization, no matter where you are located in the Southeast European region.

The role of the Data Protection Officer (DPO) is pivotal and can be seen as a managerial position. The DPO’s main objective is to oversee and ensure your organization’s compliance with relevant regulations in the realm of personal data protection (LPDP/GDPR). This is achieved through ongoing education and the implementation of regulations, procedures, and protocols.

By partnering with the DPO SUPPORT team, you gain full compliance and the following advantages:

  • Application of Best Practices: We bring the best European practices and experiences to your organization’s data protection efforts.
  • Professional Partnership: We establish a professional partnership focused on achieving your data protection goals.
  • Transparent Performance Measurement: We provide transparent measurement of performance and results, ensuring accountability.
  • Continuous Support: Benefit from continuous support from our expert consultants in data protection and corporate security.
  • Business Loyalty: All activities are conducted as part of your team, fostering a sense of loyalty and collaboration.
  • Risk Transfer: Our DPO team assumes complete risk transfer, providing peace of mind.
  • High-Quality Expertise: We offer high-quality expertise in all projects involving personal data, ensuring thorough and reliable solutions.
  • Time and Flexibility: Save resources with our flexible team, which adapts to the specific needs of your business.
  • Cost Control: Choose a service package tailored to your needs and accurately forecast the budget for the coming year.
  • Comprehensive Information and Expert Advice: Receive timely and comprehensive information and expert advice on LPDP/GDPR obligations and other legal provisions related to data protection and security.
  • Collaboration with Authorities: We facilitate collaboration with supervisory authorities, the Commissioner, inspection oversight, and the Ministry of Interior Affairs.
  • Compliance Supervision: Our team oversees compliance and ensures comprehensive implementation of LPDP/GDPR and other data protection provisions aligned with your organization’s policy.
  • Compliance Assurance: The independent work of our outsourced DPO experts ensures protection against conflicts of interest and facilitates the management of activities related to personal data.

By thoroughly organizing and aligning your company’s practices with regard to personal data protection and involving our expert DPO team, you confirm your commitment to your values and business. This helps enhance your credibility and reputation. Prioritizing security demonstrates to your service users, clients, and partners that their interests are paramount. You become a trusted partner who prioritizes the protection of personal data.


If you’re getting different questions, messages, or complaints about data protection laws like LPDP/GDPR, but you don’t have clear answers, enough time, or expertise, and you’re not sure where to begin, contacting us is a good first step. We’ll start by talking with our experts who will look at how your processes work and find any gaps. Then, we’ll suggest changes to your organization and put in place the right rules and steps to make sure you’re following the law properly.

The expert team at DPO SUPPORT acts as a central hub for handling everything related to protecting personal data and resolving any disputes. We act as a buffer between you and other parties. Our team of experts in data protection and corporate security is known for being independent and focused on getting results. That’s why we’re always ready to ensure that you comply with laws like LPDP/GDPR and any other rules about handling data.