Data Protection in Montenegro

Registration in Montenegro

Each data controller must do the following:

  • Register as a data controller (this registration as a controller is to be performed only once);
  • Separately register each database of personal data ('Database') which it intends to establish, before the database is established.

Both registrations must be submitted online through specific forms, whereas the database's registration form is accessible via the DPA's website. The type and scope of the information that must be included in these forms is explicitly prescribed by the DP Law (e.g. the data controller's name and address of its registered seat, name of the Database, legal basis for the processing and purpose of the processing, types of processed data, categories of data subjects, (if applicable) information on any data transfers out of Montenegro). Any significant change to the registered data processing activities, subsequent to the registration should be notified to and registered with the DPA as well.

Exceptionally (i.e. if the intended data processing represents a special risk for the rights and freedoms of individuals), a data controller may, depending on the circumstances of each particular case, be obliged to obtain the DPA’s prior approval for such processing (e.g. if biometric data is to be processed without the data subject's consent).

Back to top