20th anniversary of personal data protection in Croatia,

24th May 2024, Zagreb, Croatia


Welcome to the website dedicated to the conference marking the 20th anniversary of the establishment of the Croatian Personal Data Protection Agency.

We invite you to the conference titled “Risks and Compliance in the Age of AI,” that will be held on 24 May 2024, in Zagreb, Croatia. As we gather to commemorate this momentous occasion, your presence would be greatly appreciated


Since the establishment of the Croatian Personal Data Protection Agency in 2004, the world has experienced profound technological advancements, significantly altering how people communicate, work, shop, and engage with their surroundings. Social media platforms have revolutionized interpersonal interaction and information sharing; cloud computing has fundamentally altered data storage, processing, and accessibility; the digital banking revolution has provided individuals with the convenience of accessing banking services through websites and mobile apps; and the rise of e-commerce has transformed the retail sector. Advances in technology and data analytics have enabled marketers to gather and analyze vast amounts of customer data, allowing for more targeted and personalized marketing campaigns. Moreover, we are currently facing the evolving landscape shaped by AI-powered technologies and their impacts on fundamental rights and freedoms.

Over the past two decades, there has been a noticeable shift in public awareness regarding data privacy concerns. Individuals are increasingly vigilant about sharing personal data online and are demanding greater transparency and control over their data.

Throughout these changes, the Croatian Personal Data Protection Agency has remained steadfast in its commitment to safeguarding the fundamental rights of Croatian citizens. Through various educational activities, initiatives, and EU-funded projects, the Agency persistently works to raise awareness about personal data protection and privacy among all stakeholders.

The General Data Protection Regulation (GDPR), which applies fully across the EU as of 25 May 2018, is at the heart of the EU legal framework, guaranteeing the fundamental right to data protection.

In our increasingly digitalized economy, safeguarding personal data has become more critical than ever, forming an integral part of a human-centric approach to navigating the opportunities and challenges presented by the digital era and Artificial Intelligence. This imperative is not only a matter of fundamental rights, as recognized by both EU and national constitutional frameworks, but also a democratic necessity. Moreover, it serves as an economic imperative; the sustainable growth of the European data-driven economy relies heavily on consumers’ trust in the responsible handling of their data.

Although the GDPR has been widely acclaimed for its significant achievements in raising awareness about personal data protection and enhancing data processing practices worldwide, challenges persist in its implementation, particularly for SMEs. Despite nearly six years since the GDPR became applicable in the EEA, many SMEs continue to grapple with compliance due to limited human and financial resources.

In Croatia, as well as across the EU, SMEs constitute over 99% of enterprises, which makes them the backbone of the European economy. At the same time, they represent the largest group of data controllers/processors handling vast amounts of personal data. Recognizing the difficulties SMEs face in adhering to the GDPR, the European Commission provides financial support to data protection authorities to assist SMEs in their compliance efforts.

The conference is part of the outreach activities of the EU-funded project ARC II aimed at supporting Croatian and Italian SMEs in their efforts to comply with the data protection legal framework.

Keynote – Zdravko Vukić
Zdravko Vukić

In its two-decade history, the Croatian Data Protection Agency has reached a milestone in 2023 with its most productive reporting period to date. This period saw a record number of supervisory activities and awareness-raising campaigns highlighting the importance of data protection rights as fundamental rights.

The past year stands out for the Agency’s enforcement actions, including the highest number of administrative fines ever imposed under the General Data Protection Regulation. A total of 8,266,350.00 euros in fines were imposed, underscoring a strong message that any serious violations of the fundamental rights of EU citizens – the right to personal data protection and the right to privacy – will result in severe consequences.

Read more…