As part of the broader effort to harmonise national legislation with the EU General Data Protection Regulation, the Albanian Data Protection Commissioner issued Instruction No. 2, dated 30 April 2025 (Instruction No. 2), on the protection of personal data in the health sector. This Instruction repeals the previous 2020 framework and establishes a comprehensive set of rules governing the collection, use, and disclosure of health and genetic data.

The Law on the Protection of Personal Data ("Official Gazette of RS", No. 87/2018) - hereinafter: "the Law", and following the example of the Regulation (EU) - 2016/679 - General Data Protection Regulation ("GDPR"), introduced the term and consequently the function – Data Protection Officer ("DPO").

Former Ellex Partner Migle Petkeviciene has joined Sorainen as a Partner.

The data subject has the right to access the data processed by the controller about them, a right guaranteed by both the EU General Data Protection Regulation (“GDPR”) of April 14, 2016, which came into force on May 25, 2018, and the Law on Personal Data Protection of the Republic of Serbia.

On 14 May 2025, significant changes were made to North Macedonia’s personal data protection legislation. The Assembly of the Republic passed an amendment to expand the nations where personal data can be shared freely, without facing third-country transfer restrictions.

Following up on the CJEU's judgment of 9 January 2025, C-416/23, Österreichische Datenschutzbehörde (Demandes excessives), the Austrian Supreme Administrative Court addressed excessive and manifestly unfounded data subject requests to data protection supervisory authorities in six cases (VwGH 29 January 2025, Ra 2023/04/0002; Ra 2022/04/0049; Ro 2023/04/0018; Ro 2022/04/0016; Ro 2022/04/0022; Ra 2020/04/0084). The Austrian Federal Administrative Court added another decision on such requests (BVwG 11 March 2025, W137 2305838-1).