Zdravko Vukić

Zdravko Vukić, director of Croatian Personal Data Protection Agency

 In its nearly two-decade history, the Croatian Data Protection Agency has reached a milestone in 2023 with its most productive reporting period to date. This period saw a record number of supervisory activities and awareness-raising campaigns highlighting the importance of data protection rights as fundamental rights.

 The past year stands out for the Agency’s enforcement actions, including the highest number of administrative fines ever imposed under the General Data Protection Regulation in the Republic of Croatia. A total of 8,266,350.00 euros in fines were imposed, underscoring a strong message that any serious violations of the fundamental rights of EU citizens – the right to personal data protection and the right to privacy – will result in severe consequences.

In parallel, the Agency remained dedicated to the implementation of the EU-funeded project ARC II (Awareness Raising Campaing for SMEs), focusing on micro, small, and medium-sized enterprises, and continued to carry out educational activities for all stakeholders.  Collaboration with counterparts from the Italian supervisory authority and academia also led to the development of “Olivia,” an innovative web tool designed to assist entrepreneurs in aligning their business practices with data protection laws.

The Agency’s involvement in the work of the European Data Protection Board, particularly through participation in expert subgroups, and Committee of the Convention 108 of the Council of Europe, further underscores its commitment to ensuring consistent and effective implementation of the General Data Protection Regulation, thereby enhancing data protection standards.

In 2023, significant focus was placed on the importance of data protection officers (DPOs) within organizations, acknowledging their crucial role in upholding compliance with data protection laws. A notable outcome of actively engaging in the European Data Protection Board’s enforcement action on the role of data protection officers that resulted in over 3000 supervisory actions. To further assist Croatian DPOs, we organized and conducted thorough training programs tailored for DPOs working in the healthcare and education sectors as part of the EDPB Support Pool of Experts Initiative.

Looking ahead, as Artificial Intelligence continues to evolve and potentially impact human rights and freedoms, the significance of personal data protection and privacy will only grow. Ensuring compliance with the General Data Protection Regulation at all stages of AI system development and use will be crucial in safeguarding individuals’ rights and freedoms.

In conclusion, it is essential to understand that the General Data Protection Regulation does not impede technological progress but rather serves as a foundation for the development of human-centered and trustworthy AI systems. By adhering to data protection regulations, we can leverage the full potential of AI while mitigating risks to individuals’ rights and freedoms.