In accordance with the authority under the Law on Personal Data Protection, the Commissioner, by decision of 23/08/2021. adopted the request of the company "ERNST & YOUNG" d.o.o. Belgrade-New Belgrade and approved the first binding corporate rules (BCR) – Controller Policy from 01/08/2021. Request of the company "ERNST & YOUNG" d.o.o. Belgrade-New Belgrade was also the first request for approval of binding corporate rules that the Commissioner received in accordance with the Law on Personal Data Protection.
The Commissioner takes this opportunity to remind controllers and processors of their legal obligation that, if on the basis of binding corporate rules they export data from the Republic of Serbia to another country or to an international organization for which the Government of the Republic of Serbia has not established an appropriate level of protection, those rules must be approved by the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia.