ZAGREB – Last year, 28 administrative fines were imposed for violations of the General Data Protection Regulation (GDPR) amounting to 8.3 million euros, the highest so far, said the director of the Personal Data Protection Agency Zdravko Vukić at a gathering marking the 20th anniversary of the agency’s founding on Friday.
He emphasized that we are among the top countries in the EU for imposing fines for GDPR violations, adding that the visibility of the Personal Data Protection Agency (AZOP) has increased over the past year.
“We utilized all our advisory and corrective powers in terms of imposing high administrative fines for violations of the General Data Protection Regulation (GDPR).
Thus, the Personal Data Protection Agency imposed 28 administrative fines exceeding 8 million euros in 2023 alone,” he said at the conference titled “Risks and Compliance with GDPR in the Age of Artificial Intelligence,” held to mark the 20th anniversary of personal data protection in Croatia and the founding of the Agency.
He explained that such high fines were imposed because the rules for personal data protection were frequently violated.
“We also organize many consultations, and today we have a presentation of the EU project ARC II to support Croatian and Italian entrepreneurs in complying with the legal framework for data protection, focusing on small and medium enterprises. We will also present our innovative digital tool ‘Olivia’ designed to help entrepreneurs comply with the data protection regulation,” Vukić stated.
The Minister of Justice, Public Administration, and Digital Transformation Damir Habijan said that 20 years is not insignificant, especially considering how much the world has changed in the digital segment over the past two decades, but many challenges have been successfully overcome.
The accelerated development of digital technology, he added, and the development of artificial intelligence, pose numerous challenges to AZOP and the legislature when it comes to personal data protection.
“Given the accelerated trend and digitalization, legislative bodies will certainly have to change strategic documents, but also the legislative framework,” Habijan said.
The first 10 years of AZOP were marked by Croatia’s accession negotiations for EU membership and the alignment of national data protection legislation with EU acquis, said Agency chief Vukić.
He explained that the period from 2014 to 2018 was marked by activities to raise awareness about the importance of personal data protection among citizens and organizations, but despite the Agency’s efforts, this awareness remained very low until May 2018.
“The date that marked a turning point is May 25, 2018, when the full implementation of GDPR began, and AZOP was given the authority to impose high administrative fines for GDPR violations,” he noted.