Bosnia & Herzegovina: AZLP recommends organisations to notify data breaches
The Agency for Personal Data Protection in Bosnia and Herzegovina ('AZLP') published, on 18 August 2022, its opinion, as issued on 8 February 2022, in which it responded to queries from an organisation that had suffered from a cybersecurity incident. In particular, the AZLP took the view that the Law on the Protection of Personal Data No. 49/06 ('PDPL') should be harmonised with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Therefore, while there is no explicit obligation to notify the AZLP of data breaches under the Law, the AZLP confirmed that it is nevertheless recommended for organisations in Bosnia and Herzegovina to apply Articles 33 and 34 of the GDPR. Finally, the AZLP indicated that it supports controllers in implementing measures to comply with the GDPR, including the appointment of data protection officers ('DPOs'), adding that such activities should be consulted with the AZLP.
You can download the opinion, only available in Bosnian, here.