Privacy Laws

Croatia's data protection in comparison to the GDPR

The flag of Croatia with a city in the background, showing the coastline. — © kite_rin / stock.adobe.com | #242952270

General overview

In Croatia, the framework for personal data protection is primarily governed by the General Data Protection Regulation (GDPR) and the General Data Protection Regulation Implementation Act of 2018. This legislative combination serves as a robust mechanism for safeguarding personal data. While the GDPR provides the overarching rules, the Implementation Act addresses specific circumstances and nuances relevant to Croatia.

GDPR opening clauses

The GDPR became effective across the European Union on May 25, 2018. On the same day, Croatia enacted its General Data Protection Regulation Implementation Act, replacing the previous Personal Data Protection Act of 2003. The Implementation Act aligns with the GDPR and serves to facilitate its application within Croatia.

Key differences and national specifics

Children's data: The Implementation Act has specific provisions concerning the consent required for processing children's data in relation to information society services.
Genetic and biometric data: The Act also lays down rules for the processing of genetic and biometric data, adding an extra layer of protection for these special categories of personal data.
Video surveillance: The Act contains distinct guidelines for the processing of personal data collected through video surveillance, which is not explicitly covered by the GDPR.
Statistical purposes: The Act provides additional rules for the processing of personal data for statistical purposes, offering more clarity on what is permissible.
Guidance and opinions: The Personal Data Protection Agency (AZOP) in Croatia issues guidelines, opinions, and recommendations on specific data processing issues. These are available on AZOP's official website and often align with guidelines issued by the European Data Protection Board (EDPB).

Conclusion

Croatia has effectively integrated the GDPR into its national legal framework through the General Data Protection Regulation Implementation Act of 2018. This Act not only ensures compliance with the GDPR but also addresses specific Croatian contexts, such as children's data and biometric data processing. The Personal Data Protection Agency (AZOP) plays a crucial role in offering additional guidance and clarifications, making Croatia's data protection framework both comprehensive and tailored to its unique needs.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed