Croatia's data protection in comparison to the GDPR
In Croatia, the framework for personal data protection is primarily governed by the General Data Protection Regulation (GDPR) and the General Data Protection Regulation Implementation Act of 2018. This legislative combination serves as a robust mechanism for safeguarding personal data. While the GDPR provides the overarching rules, the Implementation Act addresses specific circumstances and nuances relevant to Croatia.
GDPR opening clauses
The GDPR became effective across the European Union on May 25, 2018. On the same day, Croatia enacted its General Data Protection Regulation Implementation Act, replacing the previous Personal Data Protection Act of 2003. The Implementation Act aligns with the GDPR and serves to facilitate its application within Croatia.
Key differences and national specifics
- Children's data: The Implementation Act has specific provisions concerning the consent required for processing children's data in relation to information society services.
- Genetic and biometric data: The Act also lays down rules for the processing of genetic and biometric data, adding an extra layer of protection for these special categories of personal data.
- Video surveillance: The Act contains distinct guidelines for the processing of personal data collected through video surveillance, which is not explicitly covered by the GDPR.
- Statistical purposes: The Act provides additional rules for the processing of personal data for statistical purposes, offering more clarity on what is permissible.
- Guidance and opinions: The Personal Data Protection Agency (AZOP) in Croatia issues guidelines, opinions, and recommendations on specific data processing issues. These are available on AZOP's official website and often align with guidelines issued by the European Data Protection Board (EDPB).
Croatia has effectively integrated the GDPR into its national legal framework through the General Data Protection Regulation Implementation Act of 2018. This Act not only ensures compliance with the GDPR but also addresses specific Croatian contexts, such as children's data and biometric data processing. The Personal Data Protection Agency (AZOP) plays a crucial role in offering additional guidance and clarifications, making Croatia's data protection framework both comprehensive and tailored to its unique needs.