The implementation of the Law on Personal Data Protection shall be supervised by the Commissioner.

The Commissioner shall perform supervision through authorized officers -inspectors. While performing supervision, inspectors shall furnish their official identification documents and shall carry out their supervision duties in a professional and timely fashion and produce records of their enforcement activities.

Inspectors shall use knowledge acquired ex officio or learned from appellants or third parties, while persons responsible for data protection under this Law shall enable inspectors to freely carry out supervision duties and shall give them access to all necessary documents.

According to the law and other regulations governing data secrecy inspectors shall keep all data they learn while performing supervision, unless provided otherwise. This duty shall continue to subsist after the expiration of an incumbent's term of office.

If violations of the provisions of this Law pertaining to processing are identified in the course of supervision, the Commissioner shall caution the data controller against any irregularities in processing.

On the basis of the findings of an inspector, the Commissioner may:

  1. Order the rectification of such irregularities within a specified period of time;
  2. Temporarily ban any processing carried out contrary to the provisions of this Law;
  3. Order the deletion of data collected without proper legal grounds.

The Commissioner shall also supervise transborder transfer of data out of the Republic of Serbia and shall approve transborder transfer of data.

Commissioner's rulings shall not be subject to appeal, but they may be challenged in administrative proceedings by bringing legal action before the Supreme Court of Serbia.

The Commissioner shall ex officio file petitions for institution of infringement proceedings in cases of violation of the provisions of this Law.