Data Protection and Cybersecurity
Legal services in data privacy and cybersecurity
- Data protection and GDPR/LPPD compliance
- Cybersecurity and NIS2 compliance
- AI and data governance (EU AI Act)
- Cross-border data transfers
- Response to data breaches and cyber incidents
- Privacy and cybersecurity in synergy with IT, Corporate, Startup and HR teams
Naumović & Partners provides comprehensive legal support in personal data protection, information management and cybersecurity, with a focus on GDPR, the Serbian Personal Data Protection Act, the NIS2 Directive and the EU AI Act. We help technology companies, startups and organisations in regulated sectors simultaneously meet regulatory obligations and build user trust.
What we do in privacy and cybersecurity
Our team advises clients at every stage of working with data – from mapping data flows and processor agreements, through drafting policies and DPIA analyses, to responding to data breaches and achieving NIS2 compliance.
Data protection and GDPR/LPPD compliance
We help companies align personal data processing with GDPR and the Serbian Personal Data Protection Act – from the initial gap analysis to the implementation of policies, DPA agreements and employee training. The emphasis is on practical solutions that are sustainable in day-to-day operations.
- Data mapping and gap analysis against GDPR and LPPD
- Drafting and review of Privacy Policy, Cookie Policy and internal data processing policies
- Data Processing Agreements (DPA) with processors and joint controllers
- Data Protection Impact Assessments (DPIA) for high-risk processing
- DPO function support and employee training
Cybersecurity and NIS2 compliance
Cybersecurity is no longer just an IT issue, but also a regulatory obligation, especially for entities covered by the NIS2 Directive and sector-specific frameworks. We advise clients on how to connect data protection rules with technical and organisational cybersecurity measures and NIS2 obligations.
- Legal analysis of NIS2 applicability and local rules for essential and important entities
- Alignment of information security policies with GDPR and NIS2 requirements
- Incident response plans, breach notification procedures and cyber incident reporting
- Security clauses in contracts with suppliers and cloud providers
- Advising executive bodies on liability and cyber risk management
AI and data governance (EU AI Act)
The EU AI Act introduces specific obligations regarding data quality, data governance, documentation and transparency for high-risk AI systems. We help clients align their datasets, processes and documentation with these requirements, especially when the same data is used for other processing purposes.
- Data governance policies for training, validation and testing of AI models
- Alignment of AI projects with GDPR, LPPD and AI Act requirements for transparency and human oversight
- Documentation on data sources, quality and model limitations
- Contracts governing relationships with suppliers and users of AI solutions
Cross-border data transfers
Global IT models, cloud services and international teams often require transferring data outside the EU/EEA, which raises questions about appropriate safeguards. We advise clients on how to properly use SCCs, BCRs and other mechanisms, with a transfer risk assessment.
- Assessment of cross-border transfer needs and data flow mapping
- Standard Contractual Clauses (SCC), BCR and other transfer bases
- Transfer Impact Assessment (TIA) and third-country risk assessment
- Alignment of cloud and SaaS contracts with data transfer rules
Response to data breaches and cyber incidents
When a data breach or cyber incident occurs, the speed of response and quality of communication with the supervisory authority and data subjects are crucial for minimising damage and regulatory risk. We provide support from the first moment, from legal qualification of the event to complete documentation and planning of next steps.
- Legal assessment of whether a data breach has occurred and whether notification is required
- Communication with the supervisory authority and preparation of notices for data subjects
- Coordination with IT and security teams on remediation planning and documentation of measures
- Post-incident analysis and improvement of policies and procedures
Privacy and cybersecurity in synergy with IT, Corporate, Startup and HR teams
Data and cybersecurity issues always overlap with IT contracts, corporate transactions, startup growth and HR processes. That is why our Data Privacy & Cybersecurity team works in close coordination with the IT & AI, Corporate & M&A, Startup and Employment & HR teams.
- GDPR and NIS2 module in M&A and tech due diligence projects
- Alignment of SaaS/IT contracts with data privacy and security requirements
- GDPR and AI Act aspects of startup projects and HR tools
Need a GDPR or NIS2 "reality check"?
We can carry out a quick assessment of your compliance with data protection and cybersecurity rules and propose a concrete, prioritised action plan.
