Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.

Published byNora Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency."— Presentation transcript:

1 Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency in Bosnia and Herzegovina Transfer of personal data from Bosnia and Herzegovina – the legal framework and practice of the Agency

2 Law on Protection of Personal Data („Official Gazette of Bosnia and Herzegovina“ No: 49/06, 76/11 i 89/11) Bosnia and Herzegovina ratified Convention of Council of Europe for Protection of Individuals Regarding the Automatic Processing of Personal Data (ETS 108). The Agency was established by the Law on Protection of Personal Data and it has started its work in 2008. Personal data protection in BiH

3 Personal Data Protection in BiH Law on Amendments to the Law on the Protection of Personal Data („Official Gazette of Bosnia and Herzegovina“ 76/11) The amendments ensured convergence of the Law with European Union Legislation that refers to personal data protection. The most important Amendments to the Law refer to establishment of mechanisms and institutes that will provide a substantial independence for the Agency as a prerequisite for the efficient operation. Amendments to the Law regarding the stipulated conditions for data transfer abroad in relation to the earlier decision where data transfer abroad was not regulated in detail.

4 Article 17. Before any data transfer abroad it is necessary to check if there is a legal basis for data delivery to third parties, which is regulated by the Article 17 of the Law on Protection of Personal Data According to the Article 17 of the Law: (1) The data controller may not provide personal data to any users prior to notifying thereof the data subject. If the data subject does not consent to providing of the personal data, the data shall not be disclosed to the third party unless such disclosure is in the public interest. (2) The personal data controller is authorized to provide personal data to other users based on the user’s written request if this is necessary for carrying out tasks within the competence specified by law or for exercising of lawful interests of the user. (3) The written request shall indicate the purpose and legal grounds for the personal data use, and the type of personal data requested.

5 Data transfer abroad Article 18 of the Law, paragraphs (1) and (2) (1) Personal data shall not be transferred from Bosnia and Herzegovina to another country or provided for use to any international organization that applies adequate personal data protection measures stipulated by this Law. (2) Adequacy of safeguards referred to in paragraph (1) of this Article is estimated on the basis of specific circumstances in which the transfer of personal data is conducted, in which particularly the following shall be taken into account: a) types of personal data; b) the purpose and period of processing; c) the country in which data is transferred; d) statutory rules in force in the country in which data are transferred; e) professional rules and security measures that must be respected in that country. Countries and international organizations that apply adequate personal data protection measures are those that signed the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS. 108) 28 January, 1981 („Official Gazette of Bosnia and Herzegovina“ – International Agreements, No.: 7/04).

6 Data transfer abroad Article 18 of the Law, paragraph (3) (3)Personal data that are processed may be taken out of Bosnia and Herzegovina to another country or provided for use to any international organization that does not provide adequate safeguards stipulated by this law when: a) the disclosure of personal data is provided by special law or international treaty binding for Bosnia and Herzegovina; b)the prior consent was obtained from the person whose data are transferred and the person was informed on the potential consequences of the data transfer; c)the disclosure of personal data is necessary to fulfill the contract between the data subject and the controller or the fulfillment of pre-contractual obligations undertaken at the request of the person whose data are processed; d)the disclosure of personal data is necessary to save the life of the person to whom the data pertains or when it is in his/her vital interests; e)the personal data are transferred from the files or records which are, in accordance with the law or other regulations, available to the public; f)the transfer of personal data is necessary for the public interest reasons; g)the transfer of personal data is necessary for concluding or fulfilling a contract between the controller with a third party, when the contract is in the interest of the person whose data are processed.

7 Data transfer abroad Article 18 of the Law, paragraph (4) Exceptionally, the Agency may approve the transfer of data from Bosnia and Herzegovina to another country which does not provide an appropriate level of protection as defined in paragraph (1) of this Article, when a controller in another country provides adequate safeguards for the protection of privacy and fundamental rights and freedoms of individuals or provision of similar rights arises from the provisions of a special agreement.

8 Practice of the Agency regarding personal data transfer abroad -Most of the queries regarding the personal data transfer abroad Agency were received from banks in BiH, public authorities, natural persons and legal entities. -We also have some queries from NGO sector and media but particularly interesting is the fact that media very often ask for our competent answers regarding different areas in the field of personal data protection.

9 Practice of the Agency regarding personal data transfer abroad -Bank queries regarding delivery of personal data to USA for the purpose of IRS (Internal Revenue Service in USA) reporting on balance of US residents who are staying in BiH in accordance to FATCA Law (Foreign Account Tax Compliance). -There is no agreement in Bosnia and Herzegovina about tax information exchange with USA. -Application of Article 18, paragraph (3) of Law on the Protection of Personal Data. -In the specific case transfer is allowed if there is a consent obtained from the person whose data are transferred and the person was informed on the potential consequences of the data transfer, so it is recommended, in case of conclusion of contract with bank clients, to get a written consent of data subject for that kind of processing, which includes compliance with all legal provisions and informing clients about possible consequences of that kind of processing.

10 -Query regarding personal data delivery by banks in BiH to processors in USA and India. -Application of Article 18, paragraph (3) of the Law. -Prior consent obtained from data subject. -A person should be informed about possible consequences of the data transfer. -Additionally, a contract with processor is necessary in accordance with Article 12 of the Law, which regulates data processing by a processor. Practice of the Agency regarding personal data transfer abroad

11 Data processing by a Processor -If the Law does not exclude data processing by a processor, the controller may conclude a contract with the processor on personal data processing. The contract shall have to be concluded in writing. -The contract shall specify the scope, purpose and the period of time for which the contract has been concluded, as well as adequate guarantees of the processor in terms of technical and organizational protection of personal data. -Data processing by the processor shall have to be regulated by a contract, which shall bound the processor towards the controller, in particular that the processor shall act only on the basis of the controller’s instructions in accordance with the provisions of this Law. -The processor shall be responsible for personal data processing according to the data controller’s instructions. While exercising his/her duties, the processor shall not transfer its responsibility to other processors, unless explicitly instructed by the data controller to do so.

12 Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency in Bosnia and Herzegovina Thank you for your attention phone: 033 726 250 fax: 033 726 251 e-mail: azlpinfo@azlp.gov.baazlpinfo@azlp.gov.ba web: www.azlp.gov.bawww.azlp.gov.ba

Download ppt "Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency."

Similar presentations

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Protection of Personal Data, 11.02.2011. Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
Taking of evidence within the European Union Council regulation no 1206/2001 on cooperation between the courts of Member States in the taking of evidence.

Taking of evidence within the European Union Council regulation no 1206/2001 on cooperation between the courts of Member States in the taking of evidence.
China on the way to a high-technology country: The legal policy perspective Stefan Luginbuehl Lawyer, International Legal Affairs.

China on the way to a high-technology country: The legal policy perspective Stefan Luginbuehl Lawyer, International Legal Affairs.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Overview

Data Protection Overview
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data.

Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
SWISS DATA PROTECTION LAW AND PERSONAL DATA SECURITY MEASURES.

SWISS DATA PROTECTION LAW AND PERSONAL DATA SECURITY MEASURES.
Tax Information Exchange: approach of the Member States of the BRICS Pustovalov Evgeny Eurasian Research Centre for Comparative and International Tax Law,

Tax Information Exchange: approach of the Member States of the BRICS Pustovalov Evgeny Eurasian Research Centre for Comparative and International Tax Law,
M. ANGELA JIMENEZ 1 UNIT 5. REGULATION OF EXTERNAL AUDIT IFAC AND E.C.

M. ANGELA JIMENEZ 1 UNIT 5. REGULATION OF EXTERNAL AUDIT IFAC AND E.C.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.

Similar presentations

Ads by Google