Risk assessment in GDPR – adequate or fake measures?

When advising organisations on how to bring their businesses into compliance with GDPR, i.e., with the Serbian Law on Personal Data Protection, we have often been told that they apply “best information security practices”. What does this formulation mean?

Our Partner Ivan Milošević and Senior Associate Andrea Cvetanović, together with Prof. Dr. Gojko Grubor, give a comprehensive analysis of how organisations must implement adequate organisational and technical measures, proportionate to the assessed risks, in order to comply with GDPR. Controllers and processors must perform an information security risk assessment and assess the risks that their business activities (processing activities) pose to personal data, that is, assess the security of the processing of personal data. Only then can they respond to risks to personal data and to the rights and freedoms of data subjects, i.e., apply adequate technical, organisational and legal measures to mitigate the identified risks to an acceptable level.

The full analysis can be downloaded HERE
