The law regulates the supervisory authority’s composition, authorities and principles of work, as well as specificities related to administrative fines and to the proceedings in front of supervisory authority and administrative courts.
It also provides some specific provisions related to processing of genetic and biometric data, video surveillance, children’s data and processing for statistical purposes. However, the current law does not provide for specific provisions related to data protection officers. Also, there is no longer a provision that data made available to the public by data subject represent the lawful processing basis itself.
Read full article: Croatian GDPR implementation law — main features and unanswered questions