Privacy Law at Bosnia and Herzegovina
Bosnia and Herzegovina's (BiH) Personal Data Protection Law has undergone significant reforms to align with the European Union's General Data Protection Regulation (GDPR). The new legislation, enacted in January 2025, replaces the outdated 2006 law and introduces comprehensive measures to enhance data privacy and security.
📜 Overview of the 2025 Personal Data Protection Law
The 2025 law establishes a robust framework for the collection, processing, and protection of personal data, emphasizing transparency, accountability, and individuals' rights Key provisions include:
Enhanced Individual Rights:Individuals are granted expanded rights, such as access to personal data, correction, deletion (right to be forgotten), restriction of processing, data portability, and objection to processing, including automated decision-making
Stricter Organizational Obligations:Organizations must ensure transparent processing, implement technical and organizational security measures, maintain records of data processing activities, and report data breaches to the Personal Data Protection Agency (PDPA) within 72 hours
Appointment of Data Protection Officers (DPOs):Organizations engaged in large-scale processing or handling sensitive data are required to appoint DPOs to oversee compliance and serve as points of contact for individuals and regulators
International Data Transfers:Transfers of personal data outside BiH are permitted only to countries that provide adequate data protection measures or when specific safeguards are in place
🏛️ Enforcement and Penalties
The Personal Data Protection Agency (PDPA) is responsible for overseeing compliance with the law and has the authority to impos:
Administrative Fines Fines of up to BAM 100,000 (approximately EUR 50,000) for violation.
Criminal Sanctions Criminal prosecution for unauthorized collection, processing, or sharing of personal data, potentially resulting in fines or imprisonmen
Civil Liabilities Individuals may seek compensation for damages resulting from violations of their data protection right
🌐 International Alignmen
BiH has ratified Convention 108+—the Council of Europe's modernized data protection treaty—demonstrating its commitment to international standards for data privay This ratification aligns BiH with global best practices and facilitates cooperation with other nations on data protection mattes.
✅ Summary
Bosnia and Herzegovina's updated Personal Data Protection Law establishes a comprehensive and GDPR-aligned framework for data privay Organizations operating in BiH must ensure compliance with the new regulations to protect individuals' privacy rights and avoid potential penaltis.
RELATED Blog
0 comments