{"id":3133,"date":"2025-09-15T09:49:00","date_gmt":"2025-09-15T07:49:00","guid":{"rendered":"https:\/\/consalta.ba\/?p=3133"},"modified":"2026-03-17T14:49:20","modified_gmt":"2026-03-17T13:49:20","slug":"dpa-imas-li-ga-vec-i-zasto-ne","status":"publish","type":"post","link":"https:\/\/consalta.ba\/ba\/dpa-do-you-have-one-yet-and-why-not\/","title":{"rendered":"DPA - Da li ga imate, i za\u0161to ne?"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3133\" class=\"elementor elementor-3133\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9eb3c04 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9eb3c04\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-91cc279\" data-id=\"91cc279\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-0271bbb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0271bbb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-9d82f5e\" data-id=\"9d82f5e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4815ce6 elementor-widget elementor-widget-image\" data-id=\"4815ce6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"768\" height=\"487\" src=\"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-768x487.jpg\" class=\"attachment-medium_large size-medium_large wp-image-3141\" alt=\"ugovor o obradi podataka\" srcset=\"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-768x487.jpg 768w, https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-300x190.jpg 300w, https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-1024x649.jpg 1024w, https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-18x12.jpg 18w, https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg 1210w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-5e3c413\" data-id=\"5e3c413\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d98ba7e elementor-widget elementor-widget-text-editor\" data-id=\"d98ba7e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Koristite cloud hosting? Posao obra\u010duna plata povjeravate vanjskim saradnicima? Va\u0161a marketin\u0161ka agencija \u0161alje e-mailove u va\u0161e ime? Va\u0161 pru\u017eatelj IT podr\u0161ke ima daljinski pristup sistemima kompanije? Pitanje: <strong>Imate li Ugovor o obradi podataka s bilo kojim od njih?<\/strong><\/p>\n<p>Ako ste oklijevali, niste sami. Ve\u0107ina kompanija u Bosni i Hercegovini nije ni \u010dula za Ugovor o obradi podataka (DPA - eng. Data Processing Agreement), a kamoli da su ga potpisale. Me\u0111utim, s novim \u201c<strong><a href=\"https:\/\/consalta.ba\/ba\/novi-zakon-o-zastiti-licnih-podataka-u-bih-i-iso-27001\/\">Zakonom o za\u0161titi li\u010dnih podataka<\/a>\u201c<\/strong> koji stupa na snagu u oktobru 2025. godine, to se mora promijeniti - \u0161to prije.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-890593a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"890593a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5707019\" data-id=\"5707019\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a23ba4c elementor-widget elementor-widget-text-editor\" data-id=\"a23ba4c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>\u0160ta je ugovor o obradi podataka?<\/h2>\n<p>Ugovor o obradi podataka je ugovor izme\u0111u a\u00a0<strong>kontrolora<\/strong> (va\u0161a kompanija tj. strana koja odlu\u010duje za\u0161to i kako se koriste li\u010dni podaci) i <strong>obra\u0111iva\u010da<\/strong>\u00a0(bilo koja vanjska strana koja obra\u0111uje te podatke u va\u0161e ime). Ovim ugovorom se utvr\u0111uju osnovna pravila: koji se podaci obra\u0111uju, u koju svrhu, koliko dugo, koje sigurnosne mjere moraju biti na snazi i \u0161ta se de\u0161ava s podacima kada odnos prestane.<\/p>\n<p>Zamislite to ovako: ako nekome predate klju\u010deve svoje baze podataka o kupcima, DPA je pisani sporazum koji ta\u010dno navodi \u0161ta oni mogu (smiju), a \u0161ta ne smiju raditi s tim podacima.<\/p>\n<p>Pravna osnova za ovaj zahtjev je<strong>\u010clan 30<\/strong>\u00a0novog zakona, koji detaljno propisuje \u0161ta takav sporazum mora sadr\u017eavati i koje obaveze procesor preuzima.<\/p>\n<h2>Za\u0161to novi zakon mijenja sve<\/h2>\n<p>Prethodni okvir za\u0161tite podataka Bosne i Hercegovine (iz 2006. godine) nije zahtijevao ovakav formalni sporazum izme\u0111u kontrolora i obra\u0111iva\u010da. Kompanije su mogle (i jesu) dijeliti li\u010dne podatke s vanjskim pru\u017eateljima usluga na osnovu obi\u010dnog, op\u0107eg ugovora o uslugama.<\/p>\n<p>Novi zakon to potpuno mijenja. On je u velikoj mjeri modeliran po uzoru na EU-ov\u00a0<a href=\"https:\/\/gdpr-info.eu\/art-28-gdpr\/\" target=\"_blank\" rel=\"noopener\">GDPR \u010dlanak 28.<\/a>, kojim se zahtijeva da svaki odnos izme\u0111u kontrolora i procesora bude ure\u0111en pisanim sporazumom.<\/p>\n<p>Evo i svijetle strane: ako va\u0161a kompanija ve\u0107 posluje s partnerima iz EU, velika je vjerovatno\u0107a da za te odnose ve\u0107 imate DPA u skladu s GDPR-om. Budu\u0107i da novi zakon u BiH u velikoj mjeri odra\u017eava zahtjeve GDPR-a,\u00a0<strong>Ti postoje\u0107i sporazumi vjerovatno pokrivaju ve\u0107inu onoga \u0161to vam je potrebno.<\/strong>Nedostaju\u0107i dio je obi\u010dno u va\u0161im odnosima s doma\u0107im procesorima (obra\u0111iva\u010dima) npr. lokalnom IT kompanijom, ra\u010dunovodstvenom firmom, pru\u017eateljem HR softvera.<\/p>\n<h2>Da li vam je DPA zaista potreban? (ukratko: vjerovatno da)<\/h2>\n<p>Ovdje se ve\u0107ina kompanija iznenadi. Kad \u010dujete \u201cobra\u0111iva\u010d podataka\u201d, mo\u017eda zamislite veliku outsourcing firmu koja obra\u0111uje milione zapisa. U stvarnosti je definicija mnogo \u0161ira. Evo svakodnevnih odnosa koji gotovo sigurno zahtijevaju DPA:<\/p>\n<ul>\n<li><strong>Pru\u017eatelji usluga u oblaku i SaaS:<\/strong>\u00a0Microsoft 365, Google Workspace, AWS ili bilo koji cloud hosting na kojem se pohranjuju li\u010dni podaci<\/li>\n<li><strong>Vanjsko knjigovodstvo i obra\u010dun plata:<\/strong>\u00a0va\u0161 ra\u010dunovo\u0111a obra\u0111uje podatke o platama zaposlenika, porezne identifikacijske brojeve i bankovne podatke<\/li>\n<li><strong>IT podr\u0161ka i sli\u010dne usluge:<\/strong>\u00a0ako mogu daljinski pristupiti va\u0161im sistemima, mogu potencijalno pristupiti li\u010dnim podacima<\/li>\n<li><strong>Marketin\u0161ki alati i CRM platforme:<\/strong>\u00a0Mailchimp, HubSpot ili bilo koji alat za upravljanje kontakt podacima kupaca<\/li>\n<li><strong>HR softver: <\/strong>vanjske platforme za vo\u0111enje evidencije o zaposlenicima, upravljanje odsustvima, podatke o zapo\u0161ljavanju<\/li>\n<li><strong>Pru\u017eatelji usluga fizi\u010dke za\u0161tite:<\/strong>\u00a0ako tre\u0107a strana upravlja va\u0161im CCTV sistemom, ona obra\u0111uje li\u010dne podatke<\/li>\n<\/ul>\n<p><strong>Pravilo je jednostavno: ako neko izvan va\u0161e organizacije obra\u0111uje li\u010dne podatke u va\u0161e ime, potreban vam je DPA.<\/strong><\/p>\n<p>Me\u0111utim, to nije sve. Zakon tako\u0111er obuhvata i\u00a0<strong>podizvo\u0111a\u010de<\/strong> - naime, ako va\u0161 procesor (obra\u0111iva\u010d) anga\u017euje drugog procesora (npr. va\u0161 IT pru\u017eatelj usluga koristi uslugu u oblaku po ugovoru o podugovoru), taj odnos tako\u0111er mora biti obuhva\u0107en. Va\u0161 procesor ne mo\u017ee anga\u017eovati podprocesora bez va\u0161e prethodne pismene saglasnosti, a iste obaveze za\u0161tite podataka moraju se prenijeti niz lanac dobavlja\u010da.<\/p>\n<h2>\u0160ta mora biti u sporazumu<\/h2>\n<p>\u010clan 30 novog Zakona o za\u0161titi li\u010dnih podataka je prili\u010dno precizan u pogledu onoga \u0161to DPA mora uklju\u010divati. Pojednostavljeno, obra\u0111iva\u010d se obavezuje:<\/p>\n<ul>\n<li><strong>Slijediti samo va\u0161e upute: <\/strong>obra\u0111ivati podatke isklju\u010divo na osnovu va\u0161ih dokumentovanih uputa - ni\u0161ta vi\u0161e<\/li>\n<li><strong>Osigurati povjerljivost:<\/strong>\u00a0sve osobe s pristupom podacima moraju biti odr\u017eavati obavezu \u010duvanja povjerljivosti<\/li>\n<li><strong>Implementirati odgovaraju\u0107i nivo sigurnosti:<\/strong>\u00a0 primijeniti odgovaraju\u0107e tehni\u010dke i organizacione mjere za za\u0161titu podataka (zakon ih detaljno navodi u \u010dlanu 34)<\/li>\n<li><strong>Po\u0161tivati pravila vezana za anga\u017eovanje podugovara\u010da:<\/strong>\u00a0ne zapo\u0161ljavati dodatne obra\u0111iva\u010de bez va\u0161eg pismenog pristanka<\/li>\n<li><strong>Pomagati vam u odgovaranju na zahtjeve nosioca li\u010dnih podataka (osoba):<\/strong>\u00a0ako korisnik zatra\u017ei da vidi ili izbri\u0161e svoje podatke, obra\u0111iva\u010d mu mora pomo\u0107i<\/li>\n<li><strong>Brisanje ili povrat podataka nakon prekida ugovornog odnosa:<\/strong>\u00a0po zavr\u0161etku usluge, procesor mora ili izbrisati sve li\u010dne podatke ili vam ih vratiti<\/li>\n<li><strong><strong>Omogu\u0107avati provedbu audita i provjera: <\/strong>Vi (ili auditor kojeg ovlastite)  mora biti u stanju da provede provjeru i potvrdi uskla\u0111enost na strani procesora.<\/strong>\u00a0you (or an auditor you appoint) must be able to inspect and verify compliance<\/li>\n<\/ul>\n<p>Ako ova lista izgleda poznato svima koji su se bavili GDPR-om, to je zato \u0161to je u su\u0161tini ista. Hrvatska agencija za za\u0161titu podataka (<a href=\"https:\/\/azop.hr\/\" target=\"_blank\" rel=\"noopener\">AZOP<\/a>) je \u010dak objavila predlo\u017eak DPA-e, a budu\u0107i da oba zakona dijele istu DNK (GDPR), to je koristan referentni okvir koji mo\u017eete iskoristiti. Bosanskohercegova\u010dka\u00a0<strong>Agencija za za\u0161titu li\u010dnih podataka<\/strong>\u00a0mo\u017ee u budu\u0107nosti izdati vlastite standardne ugovorne klauzule (zakon to izri\u010dito dopu\u0161ta), ali za sada \u0107ete morati sastaviti vlastite ili prilagoditi postoje\u0107i predlo\u017eak neke druge agencije za za\u0161titu li\u010dnih podataka.<\/p>\n<h2>\u0160ta se de\u0161ava ako ga nemate?<\/h2>\n<p>Osim o\u010diglednog pravnog rizika prema novom zakonu, vrijedi razmisliti o prakti\u010dnim posljedicama. Ako obra\u0111iva\u010d nepravilno postupa s li\u010dnim podacima i nema uspostavljenog DPA-a, vi kao kontrolor imate\u00a0<strong>nemate ugovorne osnove da ih dr\u017eite odgovornima<\/strong>. Vi ste izlo\u017eeni, kao i ljudi \u010diji su podaci kompromitovani.<\/p>\n<p>Postoji i rastu\u0107a komercijalna stvarnost. EU kompanije (posebno one koje podlije\u017eu <a href=\"https:\/\/consalta.ba\/ba\/kako-nis2-utjece-na-bosanske-kompanije-iako-nismo-u-eu\/\">NIS2 regulativi<\/a> ili zahtjevima GDPR-a u lancu snabdijevanja) imaju sve ve\u0107e pritiske regulatora da od partnera i dobavlja\u010da tra\u017ee da doka\u017eu da su odgovaraju\u0107i DPA uspostavljeni. Ako radite s klijentima u Hrvatskoj, Sloveniji, Njema\u010dkoj  (ili bilo gdje u EU), <strong>nedostatak DPA-a vas mo\u017ee ko\u0161tati poslovanja<\/strong>, a ne samo nov\u010dane kazne.<\/p>\n<h2>Jednostavnije je nego \u0161to zvu\u010di<\/h2>\n<p>Ako vam je sve ovo previ\u0161e, udahnite. Dobro sastavljen DPA je uglavnom jednokratna aktivnost sa pojedina\u010dnim procesorima. Kad jednom utvrdite ko obra\u0111uje li\u010dne podatke u va\u0161e ime i sklopite ugovore, za\u0161ti\u0107eni ste (naravno, uz povremene preglede u slu\u010daju da se odnosi ili usluge promijene).<\/p>\n<p>Prvi korak je jednostavan:\u00a0<strong>Napravite popis svih vanjskih strana koje imaju pristup li\u010dnim podacima u va\u0161oj organizaciji.<\/strong>Vjerovatno \u0107ete biti iznena\u0111eni koliko je ta lista duga. Nakon pristupite izradi sporazuma koji ispunjavaju zakonske zahtjeve i njihovom potpisivanju prije oktobra 2025.<\/p>\n<p>Ako \u017eelite pomo\u0107 pri mapiranju va\u0161ih odnosa s procesorima ili izradi DPA-a koji zaista ispunjavaju zahtjeve novog zakona,\u00a0<a href=\"https:\/\/consalta.ba\/ba\/kontakt\/\">rezervi\u0161ite besplatnu 30-minutnu konsultaciju<\/a> - tu smo da vam pomognemo da \"odgonetnete\" gdje se nalazite i \u0161ta je sljede\u0107i korak.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3e1464db elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"3e1464db\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-72b0dc2c\" data-id=\"72b0dc2c\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4d830200 elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4d830200\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-b8ad1e6\" data-id=\"b8ad1e6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-28e422b8 elementor-widget elementor-widget-heading\" data-id=\"28e422b8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Ne znate odakle da po\u010dnete ili imate konkretan problem?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2893f4df elementor-widget elementor-widget-text-editor\" data-id=\"2893f4df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Po\u010detna konsultacija je potpuno besplatna! Na\u0161 cilj je zaista pomo\u0107i klijentima da ostvare svoje ciljeve. Razgovara\u0107ete direktno s jednim od na\u0161ih konsultanata \u2013 bez napadnih prodajnih taktika i bez bilo kakvih obaveza.<br \/><span style=\"font-weight: bold;\">Iskoristite priliku \u2013 uvjerite se sami!<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-61725805\" data-id=\"61725805\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6b7389df elementor-align-right elementor-tablet-align-center elementor-widget elementor-widget-button\" data-id=\"6b7389df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/consalta.ba\/ba\/kontakt\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Besplatna konsultacija<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Ve\u0107ina kompanija u Bosni i Hercegovini nema Ugovore o obradi podataka sa svojim vanjskim pru\u017eaocima usluga. Sa novim Zakonom o za\u0161titi li\u010dnih podataka koji stupa na snagu u oktobru 2025. godine, to se mora promijeniti \u2014 i to brzo.<\/p>","protected":false},"author":1,"featured_media":3141,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[81,36,66],"tags":[82,85,83,84],"class_list":["post-3133","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection","category-privacy","category-regulation","tag-data-protection","tag-dpa","tag-privatnost","tag-ugovor-o-procesiranju"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DPA \u2014 Do You Have One Yet, and Why Not? - Consalta % %<\/title>\n<meta name=\"description\" content=\"Bosnia&#039;s new data protection law requires a Data Processing Agreement for every controller-processor relationship. Here&#039;s what you need \u2014 and why.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/consalta.ba\/ba\/dpa-imas-li-ga-vec-i-zasto-ne\/\" \/>\n<meta property=\"og:locale\" content=\"bs_BA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DPA \u2014 Do You Have One Yet, and Why Not? - Consalta % %\" \/>\n<meta property=\"og:description\" content=\"Bosnia&#039;s new data protection law requires a Data Processing Agreement for every controller-processor relationship. Here&#039;s what you need \u2014 and why.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/consalta.ba\/ba\/dpa-imas-li-ga-vec-i-zasto-ne\/\" \/>\n<meta property=\"og:site_name\" content=\"Consalta\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-15T07:49:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-17T13:49:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1210\" \/>\n\t<meta property=\"og:image:height\" content=\"767\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"OJB\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"OJB\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minuta\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/\"},\"author\":{\"name\":\"OJB\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/person\\\/b8449ee47559258a18597f3b91629afc\"},\"headline\":\"DPA \u2014 Do You Have One Yet, and Why Not?\",\"datePublished\":\"2025-09-15T07:49:00+00:00\",\"dateModified\":\"2026-03-17T13:49:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/\"},\"wordCount\":1157,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/dpa-e1772830346303.jpg\",\"keywords\":[\"data protection\",\"dpa\",\"privatnost\",\"ugovor o procesiranju\"],\"articleSection\":[\"data protection\",\"Privacy\",\"Regulation\"],\"inLanguage\":\"bs-BA\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/\",\"url\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/\",\"name\":\"DPA \u2014 Do You Have One Yet, and Why Not? - Consalta % %\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/dpa-e1772830346303.jpg\",\"datePublished\":\"2025-09-15T07:49:00+00:00\",\"dateModified\":\"2026-03-17T13:49:20+00:00\",\"description\":\"Bosnia's new data protection law requires a Data Processing Agreement for every controller-processor relationship. Here's what you need \u2014 and why.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#breadcrumb\"},\"inLanguage\":\"bs-BA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"bs-BA\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#primaryimage\",\"url\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/dpa-e1772830346303.jpg\",\"contentUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/dpa-e1772830346303.jpg\",\"width\":1210,\"height\":767,\"caption\":\"data processing agreement\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/dpa-do-you-have-one-yet-and-why-not\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/consalta.ba\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"data protection\",\"item\":\"https:\\\/\\\/consalta.ba\\\/category\\\/data-protection\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DPA \u2014 Do You Have One Yet, and Why Not?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/consalta.ba\\\/en\\\/\",\"name\":\"Consalta\",\"description\":\"Get Certified!\",\"publisher\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/consalta.ba\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"bs-BA\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#organization\",\"name\":\"Consalta\",\"url\":\"https:\\\/\\\/consalta.ba\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"bs-BA\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Logo-getcert-2024_transpback_blue-black.png\",\"contentUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Logo-getcert-2024_transpback_blue-black.png\",\"width\":\"617\",\"height\":\"90\",\"caption\":\"Consalta\"},\"image\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/ba.linkedin.com\\\/company\\\/consalta-d.o.o.\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/person\\\/b8449ee47559258a18597f3b91629afc\",\"name\":\"OJB\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"bs-BA\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g\",\"caption\":\"OJB\"},\"sameAs\":[\"https:\\\/\\\/consalta.ba\"],\"url\":\"https:\\\/\\\/consalta.ba\\\/ba\\\/author\\\/admin_8k999oh2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DPA \u2014 Do You Have One Yet, and Why Not? - Consalta % %","description":"Novi zakon o za\u0161titi podataka u Bosni zahtijeva Ugovor o obradi podataka za svaki odnos kontrolora i obra\u0111iva\u010da. Evo \u0161to vam je potrebno \u2014 i za\u0161to.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/consalta.ba\/ba\/dpa-imas-li-ga-vec-i-zasto-ne\/","og_locale":"bs_BA","og_type":"article","og_title":"DPA \u2014 Do You Have One Yet, and Why Not? - Consalta % %","og_description":"Bosnia's new data protection law requires a Data Processing Agreement for every controller-processor relationship. Here's what you need \u2014 and why.","og_url":"https:\/\/consalta.ba\/ba\/dpa-imas-li-ga-vec-i-zasto-ne\/","og_site_name":"Consalta","article_published_time":"2025-09-15T07:49:00+00:00","article_modified_time":"2026-03-17T13:49:20+00:00","og_image":[{"width":1210,"height":767,"url":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg","type":"image\/jpeg"}],"author":"OJB","twitter_card":"summary_large_image","twitter_misc":{"Written by":"OJB","Est. reading time":"6 minuta"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#article","isPartOf":{"@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/"},"author":{"name":"OJB","@id":"https:\/\/consalta.ba\/en\/#\/schema\/person\/b8449ee47559258a18597f3b91629afc"},"headline":"DPA \u2014 Do You Have One Yet, and Why Not?","datePublished":"2025-09-15T07:49:00+00:00","dateModified":"2026-03-17T13:49:20+00:00","mainEntityOfPage":{"@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/"},"wordCount":1157,"commentCount":0,"publisher":{"@id":"https:\/\/consalta.ba\/en\/#organization"},"image":{"@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#primaryimage"},"thumbnailUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg","keywords":["data protection","dpa","privatnost","ugovor o procesiranju"],"articleSection":["data protection","Privacy","Regulation"],"inLanguage":"bs-BA","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/","url":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/","name":"DPA \u2014 Do You Have One Yet, and Why Not? - Consalta % %","isPartOf":{"@id":"https:\/\/consalta.ba\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#primaryimage"},"image":{"@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#primaryimage"},"thumbnailUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg","datePublished":"2025-09-15T07:49:00+00:00","dateModified":"2026-03-17T13:49:20+00:00","description":"Novi zakon o za\u0161titi podataka u Bosni zahtijeva Ugovor o obradi podataka za svaki odnos kontrolora i obra\u0111iva\u010da. Evo \u0161to vam je potrebno \u2014 i za\u0161to.","breadcrumb":{"@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#breadcrumb"},"inLanguage":"bs-BA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/"]}]},{"@type":"ImageObject","inLanguage":"bs-BA","@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#primaryimage","url":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg","contentUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg","width":1210,"height":767,"caption":"data processing agreement"},{"@type":"BreadcrumbList","@id":"https:\/\/consalta.ba\/dpa-do-you-have-one-yet-and-why-not\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/consalta.ba\/en\/"},{"@type":"ListItem","position":2,"name":"data protection","item":"https:\/\/consalta.ba\/category\/data-protection\/"},{"@type":"ListItem","position":3,"name":"DPA \u2014 Do You Have One Yet, and Why Not?"}]},{"@type":"WebSite","@id":"https:\/\/consalta.ba\/en\/#website","url":"https:\/\/consalta.ba\/en\/","name":"Consalta","description":"Obezbijedite certifikat!","publisher":{"@id":"https:\/\/consalta.ba\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/consalta.ba\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"bs-BA"},{"@type":"Organization","@id":"https:\/\/consalta.ba\/en\/#organization","name":"Consalta","url":"https:\/\/consalta.ba\/en\/","logo":{"@type":"ImageObject","inLanguage":"bs-BA","@id":"https:\/\/consalta.ba\/en\/#\/schema\/logo\/image\/","url":"https:\/\/consalta.ba\/wp-content\/uploads\/2024\/11\/Logo-getcert-2024_transpback_blue-black.png","contentUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2024\/11\/Logo-getcert-2024_transpback_blue-black.png","width":"617","height":"90","caption":"Consalta"},"image":{"@id":"https:\/\/consalta.ba\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/ba.linkedin.com\/company\/consalta-d.o.o."]},{"@type":"Person","@id":"https:\/\/consalta.ba\/en\/#\/schema\/person\/b8449ee47559258a18597f3b91629afc","name":"OJB","image":{"@type":"ImageObject","inLanguage":"bs-BA","@id":"https:\/\/secure.gravatar.com\/avatar\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g","caption":"OJB"},"sameAs":["https:\/\/consalta.ba"],"url":"https:\/\/consalta.ba\/ba\/author\/admin_8k999oh2\/"}]}},"rttpg_featured_image_url":{"full":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg",1210,767,false],"landscape":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg",1210,767,false],"portraits":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg",1210,767,false],"thumbnail":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-150x150.jpg",150,150,true],"medium":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-300x190.jpg",300,190,true],"large":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-1024x649.jpg",1024,649,true],"1536x1536":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg",1210,767,false],"2048x2048":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303.jpg",1210,767,false],"trp-custom-language-flag":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/dpa-e1772830346303-18x12.jpg",18,12,true]},"rttpg_author":{"display_name":"OJB","author_link":"https:\/\/consalta.ba\/ba\/author\/admin_8k999oh2\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/consalta.ba\/ba\/category\/data-protection\/\" rel=\"category tag\">data protection<\/a> <a href=\"https:\/\/consalta.ba\/ba\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a> <a href=\"https:\/\/consalta.ba\/ba\/category\/regulation\/\" rel=\"category tag\">Regulation<\/a>","rttpg_excerpt":"Most companies in Bosnia and Herzegovina don't have Data Processing Agreements with their external service providers. With the new \"Zakon o za\u0161titi li\u010dnih podataka coming into force in October 2025\", that needs to change \u2014 fast.","_links":{"self":[{"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/posts\/3133","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/comments?post=3133"}],"version-history":[{"count":18,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/posts\/3133\/revisions"}],"predecessor-version":[{"id":3168,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/posts\/3133\/revisions\/3168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/media\/3141"}],"wp:attachment":[{"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/media?parent=3133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/categories?post=3133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/consalta.ba\/ba\/wp-json\/wp\/v2\/tags?post=3133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}