Publications

The legitimate interest of the controller (or a third party) is one of the possible legal grounds for the processing of personal data under Article 6(1) of the General Data Protection Regulation 2016/679 (GDPR). This analysis focuses on this basis, with a particular focus on the possibility for employers to invoke their legitimate interests in the context of the employment relationship with workers/employees. It should be noted that there is no hierarchical relationship between the individual legal grounds for processing personal data – they are alternative and equal. The existence of any one of them is sufficient for the lawfulness of the processing, subject, of course, to compliance with the principles relating to the processing of personal data and the other requirements of the GDPR. *This publication is in Bulgarian.

The present study aims to analyze the regulatory framework applicable in cases of personal data security breaches under Articles 33 and 34 of the General Data Protection Regulation (GDPR), as well as the interpretations and guidelines provided by national and European authorities. The focus of the analysis is on the legal obligations of data controllers to notify the supervisory authority and the data subjects, as well as the applicable guidance issued by the European Data Protection Board (EDPB) and the Risk Assessment Methodology developed by the Bulgarian Commission for Personal Data Protection. The study employs documentary and normative – comparative methods. An attempt is made to critically assess the regulatory framework and existing practices by outlining the key characteristics of the legal regime and the ways in which it is applied by supervisory authorities. The findings highlight the need to enhance the preparedness of organizations in the Republic of Bulgaria to respond effectively to incidents, emphasizing the importance of a clear understanding of the risks and obligations arising from personal data security breaches.

The generally accepted definition of deepfake is artificially generated audio or video that depicts real people in a way that is typically indistinguishable from reality, attributing actions or statements to them that they never made. Deepfakes are used to spread fake news, scams, pornographic content, identity theft, and even to interfere in elections. With the growing popularity and accessibility of such videos, countries are faced with the challenge of protecting their citizens. *This publication is in Bulgarian.

In 2024 only 3 applications for preventive restructuring of a trader were filed before Bulgarian courts, while the number of insolvency proceedings initiated was 737. This ratio is somewhat strange, given that the purpose of the former is to serve as a lifeline for a business even before it has fallen into complete inability to service its creditors. Our senior associate Tsvetelina Koleva, an expert in dispute resolution, arbitration and insolvency, explains for Capital what the procedure for preventive restructuring of a trader is, when it is the right time to proceed and why it is so unpopular in Bulgaria.

The current paper explores what it takes to ensure that whenever AI-based technologies are used in the war against terrorism, this does not violate fundamental rights. This is done from several legal perspectives at EU level starting from the specific legislation in the area of fighting terrorism content online, examining the question from the point of view of data protection regime and lastly concluding with an overview of the newly adopted Artificial Intelligence Act. What is more, the paper would suggest using ethics as a supplementary resource enabling such responsible behaviour embedded during the design and employment phase.

The present report aims to analyze some peculiarities in personal data processing for law enforcement purposes. Personal data processing activities in the field of law enforcement are subject to special rules, different from the general regime for personal data protection in the EU, established by the General Data Protection Regulation 2016/679 (GDPR). These activities are excluded from the material scope of the GDPR and to them the rules of Directive 2016/680 are applicable, which are transposed in chapter eight of the Bulgarian Personal Data Protection Act (PDPA). In which cases do these specific rules apply, who are the personal data controllers in the law enforcement sector, on what legal grounds do they process personal data, what peculiarities do the principles for personal data protection in the law enforcement sector reveal? The answer to these and other important questions about the data protection rules in the law enforcement sector can be found in this study. The results of the analysis are intended to help public authorities with law enforcement powers to gain clearer understanding about the specific data protection rules applicable to their activities.

Digitalisation in Europe and in Bulgaria continues to happen, sometimes slower, sometimes faster, but regardless of the pace one thing is certain - the digital world is growing, increasing not only the digital threats, but also the significance of their consequences. While there is room for improvement, mobile banking and insurance, e-signing of contracts and documents, e-administrative services are now widely available. In parallel, the internal processes of companies and public organisations that are critical to society, for example in the energy, transport and health sectors, depend heavily on information systems and services. In this context, it is not surprising that ensuring better security is becoming a key priority for European regulators. This brings us to the entry into force of the Network and Information Security Directive NIS 2 on 17 October, a deadline that has been missed by most EU countries and the rules have yet to be transposed into national legislation. Why the delay, what are the challenges for Member States and what does it mean for Bulgarian business are the main questions that companies are concerned about. *This is an interview with Nikola Stoychev by Maria Karashanova. The text is in Bulgarian.

One of the key characteristics of the modern information society is its interconnectivity – the state borders become less and less relevant. The rapid development of the technologies in the second half of the twentieth century, together with the tendency towards globalization, enabled the people to travel around the world more than ever before. To that end, one of the most popular forms of travel is the air travel. Daily tens of thousands of people travel around the world with aircraft. At the same time, the information related to the reservation for an air journey of a given passanger (passanger name records – PNR) could have significant impact for the competent law enforcement agencies in their efforts to fight against terrorism and serious crime. To regulate how the air carriers should collect PNR and provide it to the competent law enforcement authorities, the EU has adopted Directive (EU) 2016/681. The present paper aims to analyze how this Directive was transposed into the legislation of the Republic of Bulgaria. It focuses on some of the key aspects thereof such as the applicable legal framework, the designation of the competent authorities, the control over these activities, etc.

At the beginning of August, the Employment Registration Ordinance (the "Ordinance") was passed, which further develops some of the forthcoming changes to employment law. The changes relate to the introduction of a new employment register at the National Revenue Agency ("NRA") and a single electronic employment record to replace the employment record book. A brief overview of the main changes is provided in this article.

The Regulation on digital operational resilience for the financial sector (DORA) entered into force on January 16, 2023, and forms an integral part of the European Commission's digital finance package, a package of measures to further enable and support the potential of digital finance in terms of innovation and competition, while mitigating the risks arising from it. DORA will become directly applicable in each Member State from January 17, 2025. In this article, Desislava Krusteva, Partner at Dimitrov, Petrov & Co., gives an overview of the interplay between DORA and the General Data Protection Regulation (GDPR).

Unlike traditional easements, which require the existence of two adjacent properties (dominant and servient) and are created by virtue of a contract, easements under the EA arise by virtue of the law. This raises a number of practical issues, such as exactly how the easement arises and how compensation is determined for the owners of the affected properties. However, in the practice of municipalities there is a misunderstanding of the matter, cumbersome administrative procedures and unpredictable requirements of the administration that carries out this activity - which, in turn, impedes investors and delays RES projects. *This publication is in Bulgarian

Assoc. Prof. Martin Zahariev, PhD, Partner and Head of IP, shares some career advice based on his perosnal experience for the Career Barometer section of WorkTalent's job and internship platform. *This publication is in Bulgarian.

Desislava Krusteva and Tsvetelina Paskova have contributed the Bulgarian part of the AI Regulations Guide - an initiative of World IT Lawyers covering 15, mostly European, jurisdictions. This guide is designed for private companies that try and want to use AI in their work or implement it, and that have cross-border customers. World IT Lawyers, whose member DPC has been for many years, believes that knowledge of the legislation of different countries, properly explained, structured and systematized, can contribute to correct and balanced decisions.

When we talk about regulations on new technologies, we definitely see the European Union as leading the way. The Community puts the interests of its citizens and the protection of fundamental human rights first. And while it tries to strike an effective balance between promoting innovation and privacy, finding the right formula is proving to be a difficult task. As is evident from the new EU AI legislation, which is not at all an easy read with its 400-plus pages. But knowing it is likely to become key to the success of any business working in IT or taking advantage of the latest AI innovations.

The adoption of the near-final version of the AI legislative text was a long-awaited achievement of the European authorities in the first half of this year. However, the document is definitely not an easy read with its more than 400 pages, but knowledge of it is likely to become key to the success of any business that works in the field of information technology or benefits from the latest developments related to artificial intelligence. What rules the new regulation introduces, which AI systems will be affected, and when we can expect to feel its effects according to Desislava Krusteva, Partner at DPC and Head of the Data & Technology Practice. *This publication is in Bulgarian.

Desislava Krusteva authored the Bulgarian section of Global Data Localization Laws: Overview by Practical Law Data Privacy & Cybersecurity, which is providing an overview of global data localization laws that may require companies to physically store personal information or other data within a particular country, limit cross-border data transfers, or locally host some information technology infrastructure, including servers and other components. It provides general information and addresses key issues organizations must consider when collecting and processing personal information for employees, customers, or others in one or more countries with data localization laws.

The purpose of this report is to analyse two key figures in the activity of public authorities with significant responsibilities for the protection of the information processed by these authorities. These are the Data Protection Officer (DPO) under the General Data Protection Regulation 2016/679 (GDPR) and the Personal Data Protection Act (PDPA) and the Information Security Officer (ISO) under the Classified Information Protection Act (CIPA). While at first glance the DPO and the ISO have some similar, even overlapping functions, there are significant differences between these two figures. They can be outlined in different directions – who can hold these positions, what their tasks are, whether they can combine other roles, including whether the same person can combine the roles of DPO and ISO. The answer to these and other important questions about DPO and ISO can be found in this study. The results of the analysis are intended to help public authorities required to designate DPO and ISO to gain clearer understanding of the specific duties, roles and responsibilities of these persons in their activities.

The figure of the Data Protection Officer (DPO) under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR) and Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (Directive/Directive 2016/680) reveals some similarities with already familiar figures. This article aims to distinguish the DPO from several other similar figures (inhouse legal advisor, IT specialist and team members of the DPO itself), with the aim of assisting data controllers and data processors (DPAs/DPAs) in making decisions about designating data protection officers in their organisations. *This publication is in Bulgarian.

Bulgarian Personal Data Protection Commission has issued an opinion on the admissibility of processing video surveillance records with sound for the purposes of assessing the personal performance of the employees and for determining their bonuses. The opinion of the commission is that such further processing of the personal data does not comply with the requirements of Art. 6, para. 4 of GDPR and therefore is inadmissible

One of the new obligations introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties and on the free movement of such data and repealing Framework Decision 2008/977/JHA (the Directive), was the obligation for certain controllers and processors (DPAs) to appoint a Data Protection Officer (DPO). This is the first time such an obligation has been established by law in Bulgaria. And now, more than 5 years since the two Acts have been implemented, there is often a misunderstanding of what the role and tasks of the DPO are. This article is intended to distinguish the DPO from the similar figure of the lawyer, thereby making it easier for DPAs to choose how to allocate responsibilities regarding the protection of personal data within their organisations. *This publication is in Bulgarian.

Comment by Hristo Nihrizov, Head of Banking & Finance, on the opportunities and challenges that the new regulations will bring to financial market participants. *This publication is in Bulgarian.

The draft amendments to the Labour Code address two issues: telework and the introduction of joint and several liability of contractor and subcontractor for wages. The proposals reveal some shortcomings that could create serious practical difficulties. The new provision on joint and several liability is vague, disproportionate and contradicts fundamental principles of labour and contract law. *This pulication is in Bulgarian.

Mondaq's TMT Comparative Guide provides an overview of some of the key points of law and practice and allows you to compare regulatory environments and laws across multiple jurisdictions.

From a digital exotic to a $1.1 trillion market, there is no doubt that crypto assets, led by bitcoin, have carved out a place for themselves in the global economy. A multibillion-dollar trading and investment business has developed around them, and many people have profited from their change in value and participation in their creation; others have lost out from the theft of their digital wallets, the misuse of investment managers, or the bankruptcies of cryptocurrency platforms. But order is coming to the crypto universe, at least at the European Union level. The Markets in Cryptoassets Regulation (MiCA), the first comprehensive law to regulate this type of asset, comes into force at the beginning of July, creating a single framework for the entire European bloc. Its provisions will start to be effectively implemented from the middle of next year 2024, so that market participants can align their activities with its requirements. *This publication is in Bulgarian

Bulgarian DPA is currently applying on a regular basis a new procedure in cases of data breach notifications which includes complex questionnaires covering all the data processing activities of the data controller and extensive requests for provision of documents and information within short deadlines.

On 27 April 2023, the Council for Electronic Media – CEM published its Report on the specialised monitoring of the election campaign for the 49th Parliament. In the Report, the CEM presents its findings following the process of specialised monitoring of the activity of 14 channels of public media service providers and 13 channels of commercial media service providers related to yet another parliamentary election in Bulgaria. The Report also includes information on the performance of four online platforms. The Report covers their media behaviour during the election campaign (from 3 to 31 March 2023), on the day of reflection (1 April 2023) as well as on the day of the elections (2 April 2023). *This publication is also available in German and French.

The goal and purpose of this Playbook are to provide startup founders and startup lawyers alike with a quick reference guide to key issues they may experience in foreign jurisdictions. Let’s face it, the modern startup is not concerned with owning the local geography, but instead wants to step out onto the world stage as early as possible. Oftentimes, this means that the need for foreign legal advice comes well before theresources which their institutional, established competitors can bring to bear. Enter the Playbook. This is not meant as a definitive guide to everything you’ll need to know about legal systems and local market realities in any given jurisdiction, but it is intended to help triage key issues. Whether you’re using this guide as a lawyer advising a startup client, or as a startup company yourself, our hope is that the Playbook will help you to better assess potential risks and to ask the right questions. And if you have need of a local legal expert, well now you’ve got a list of lawyers from around the world that deal with startups just like yours, that are ready and willing to help.

It is well established in the jurisprudence of the SCC that the contract for assignment of future claims is null and void for lack of subject matter on the basis of Article 26(2) of the Obligations and Contracts Act due to the indeterminability of future claims. In his article published in the Commercial and Obligation Law Magazine, Asen Stefanov criticizes this thesis, as it limits the civil turnover and risks that the effects of the blank/global collateral assignment contract, which is widely used in foreign jurisdictions, will not be recognized in Bulgaria, whereby the assignor transfers all its present and future claims from third parties - its debtors, as a form of security for its obligations to the assignee - its creditor. *This publication is in Bulgarian.

On 2 March 2023, the draft Act for amendment and supplement to the Criminal Code was published on the Public Consultations Portal. The deadline for public discussion (submission of statements by interested parties) was 3 April 2023. The newly proposed provisions would allow for the prosecution of individuals who create conditions for online piracy. This includes individuals who develop and maintain torrent tracker sites, web platforms, chat groups in applications for online exchange of pirated content, and other similar activities. *This publication is also available in German and French.

The competent authorities for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the protection from threats to public order and security and their prevention (police and criminal activity) process a number of personal data for a diverse range of subjects - suspects, accused, convicted persons, witnesses (including protected witnesses), victims of crimes, undercover agents and many others. Protecting their personal data from unauthorized or unlawful processing and from accidental loss, destruction or damage is a key prerequisite for the normal and lawful police and criminal activity. Moreover, compromising the security of this data is likely to endanger the lives, health, rights and freedoms of these and other individuals. Therefore, the competent authorities are called upon to implement appropriate technical and organizational measures for the security of these personal data. This paper aims to explore some basic data security guarantees enshrined in EU and Bulgarian law, in particular Directive 2016/680 and the Personal Data Protection Act.

On 1 February 2023, the Code of Conduct on Measures to Assess, Label and Restrict Access to Programmes which are Harmful or Pose a Risk to Affect Adversely the Physical, Mental, Moral and/or Social Development of Children – the Code) entered into force. The Code was adopted by CEM pursuant to Decision No. RD-05-7 dated 12 January 2023. The Code has been prepared jointly by the Council for Electronic Media – CEM and the Association of Bulgarian Radio and Television Broadcasters (ABBRO), the Bulgarian National Television (BNT) and the Bulgarian National Radio (BNR) in accordance with the Radio and Television Act.

By resolution dated 15 December 2022 the Bulgarian Supreme Court of Cassation opened interpretative case No. 3/2022 concerning the interpretation of certain questions regarding compensation for copyright infringements which cause confusion and disagreement between the lower courts and practitioners. The case was opened upon a request of the Bulgarian Supreme Bar Council and will be decided by the General Assembly of the Civil and Commercial Chambers of the SCC. *This publication is also available in German and French.

The directive, which must be implemented in Bulgaria no later than 17 October 2024, creates new obligations for companies and organisations. *This publication is in Bulgarian.

The act which is as binding as a regulation came into force at the end of 2022, and raises the question of whether Viber, WhatsApp, YouTube, eMAG and others are ready to start implementing it a year in advance. *This publicaton is in Bulgarian.

The Council for Electronic Media convened a roundtable on gambling commercial communications in media services and video sharing platform services which took place on 13 December 2022. The roots of the discussions can be traced back to August 2022 when a Memorandum for Cooperation was signed between CEM and the National Revenue Agency – NRA). The reason behind the debate was the aggressive campaigns of gambling advertising which increased, especially with the broadcast of the World Cup. The latter provoked the submission of petitions by the National Children’s Network and the Parents Association to various authorities insisting on a complete ban on gambling advertising and changes to the Bulgarian Gambling Act and the Bulgarian Criminal Code. According to the members of both organizations, gambling advertising poses a serious threat to children, and media content in the field of gambling should be regulated.

Bulgarian DPA issued an opinion on the questions from a Bulgarian City Municipality regarding requested ongoing access from the police department to the video recordings of the Municipality video surveillance system.

On 22 November 2022, the caretaker government in Bulgaria submitted the draft Bill for amendment and supplement to the Copyright and Neighbouring Rights Act to Parliament for adoption. The Bill would transpose the EU directives concerning copyright, namely: 1) Directive 2019/789 laying down rules on the exercise of copyright and related rights applicable to certain online transmissions of broadcasting organisations and retransmissions of television and radio programmes; and 2) Directive 2019/790 on copyright and related rights in the Digital Single Market.

If the processing of personal data by the private sector is a relatively well-researched matter, the analyses dedicated to the peculiarities of the processing of personal data by the judiciary are much more limited in scope. This is the main reason for the preparation of this report, which aims to highlight some key peculiarities in the processing of personal data by the judiciary and to systematize the relevant practice of the supervisory authorities in Bulgaria in the field of personal data protection – the Commission for Personal Data Protection and the Inspectorate to the Supreme Judicial Council.

Currently, there are no legal restrictions to pay for property with cryptocurrency. However, the lack of regulation for the creation and trading of cryptocurrencies creates prerequisites for fraud.

The dynamics of contemporary social relations pose new threats to security and public order. The competent authorities should therefore identify appropriate mechanisms to counter such threats, in line with the modern technological development of society. Such mechanisms may include certain new technologies such as facial recognition, artificial intelligence, automated decision-making and profiling. This report aims to analyse some basic legal safeguards of rights and freedoms in the application of these technologies in the field of countering crime and terrorism. *This publication is in Bulgarian.

The increasing scale and impact of cyber attacks goes beyond individual companies, industries and even countries. And when the consequences not only damage corporate image but threaten national security, the issue of regulation and the need to introduce standards that ensure sufficient protection inevitably comes to the fore. *This publication is in Bulgarian.

A significant step forward in our employment legislation was the possibility provided by the 2016 amendments for a part of the employment documents to be created and stored as electronic documents. This possibility is detailed in a secondary legislative act of the Council of Ministers - the Ordinance on the type and requirements for the creation and storage of electronic documents in the employee's employment record. *This publication is in Bulgarian.

The termination of the employment contract on the employer's initiative in exchange for an agreed compensation under Article 331 of the Labour Code (LC) is one of the frequently applied grounds in practice. This is due to its advantage for both the employer and the employee. Assoc. Prof. Martin Zahariev, PhD, discusses some specific features of termination on this ground, which are good to know for both parties of the employment relationship. *The article is in Bulgarian.

Bulgarian PDPC has adopted a list of processing operations that require prior consultation which is addressed to the authorities subject to Directive (EU) 2016/680. This list does not directly applies to the accitvities of the controllers and processors subject to GDPR, but provides an indication for operations which rise high risks and require DPIA and eventual prior consultation under GDPR as well.

On 8 June 2022, the Council for Electronic Media has initiated a public consultation on a Draft Code of Conduct on Measures to Assess, Label and Restrict Access to Programmes which are Harmful or Pose a Risk to Affect Adversely the Physical, Mental, Moral and/or Social Development of Children, pursuant to Decision No. RD-05-44/8 June 2022. CEM has prepared the Draft Code jointly with the Association of Bulgarian Radio and Television Broadcasters (ABBRO), the Bulgarian National Television (BNT) and the Bulgarian National Radio (BNR).

On 7 July 2022, Act for Amendment and Supplement to the Criminal Code was promulgated in the State Gazette. The amendments to the existing legal framework are in the field of computer-related crimes (including cybercrime and crimes against critical infrastructure), the crimes against intellectual and industrial property, and plagiarism, as well as the crimes against online child sexual exploitation. The amendments can be narrowed down to changes expanding the minimum and maximum thresholds for imprisonment for the described fields and changes in the maximum amount of the fines.

Pursuant to Art. 19, Para 3 of the Obligations and Contracts Act, either of the parties to the preliminary contract may bring an action for the conclusion of the final contract. Most often in practice, these claims are initiated by the buyer under the concluded preliminary contract, as it is usually the buyer whose rights and interests are more vulnerable in the overall process of concluding a final contract for the purchase of real estate. This is because it is widely accepted in practice to arrange for the payment of part of the sale price to be made prior to the conclusion of the final contract in the form of a deed. This leads to situations where the buyer has fulfilled their main obligation to pay the sale price (or a large part of it) and they are left with the legitimate expectation (hope) that the seller will appear at the place and time agreed in the preliminary contract to conclude the final contract, but this does not always happen. *This publication is in Bulgarian.

The monograph, edited by the internationally renowned expert in IT and data protection law Prof. Dr. Jos Dumortier, gives a thorough and up-to date overview of various aspects of Bulgarian cyber law, including regulation of the ICT Market, protection of intellectual property in the ICT sector, ICT contracts, electronic transactions, non-contractual liability, privacy protection, and computer-related crime.

Assoc. Prof. Martin Zahariev, PhD criticizes a recent decision of the Supreme Administrative Court requiring consent from the debtor for data processing in case of assignment of debts. More on his arguments and what he suggests as a possible workable solution can be found in the material.

Ivan Alexander Manev answers the most common questions about the taxation of cryptocurrency income earned by an individual or an entity, how and when it should be declared. *This publication is in Bulgarian.

Although the General Data Protection Regulation (GDPR) has been applied since 25 May 2018 and the amendments to the Bulgarian Personal Data Protection Act (PDPA) have been in force since the beginning of March 2019, there is currently still a serious misunderstanding among many organisations about what obligations they have with regard to the protection of personal data they process in the course of their activities. This analysis focuses on the main employers' obligations regarding the protection of personal data. *This publication is in Bulgarian.

DPC, represented by senior associate Tsvetelina Koleva, associate Alexander Georgiev, and partner Pencho Stanchev, contributed to the Business Reorganisation Assessment report on Bulgaria prepared by the European Bank for Reconstruction and Development.

Senior Associate Nikola Stoychev, assisted by Associate Christian Ivanov, provides a brief account of a recent case related to the boundaries between journalists’ freedom, objectivity and dissemination of information, and the right of individuals not to be filmed without their consent, tried by the Bulgarian Supreme Court of Cassation. *This publication is also available in German and French.

Senior Associate Tsvetelina Koleva makes a review of the legal framework for developing cryptocurrencies to date and in the foreseeable future. *This publication is in Bulgarian.

Partner Hristo Nihrizov and Senior Associate Nikola Stoychev contributed the chapter on Bulgaria of Media, Advertising, and Entertainment Law Throughout the World. Written by the Center for International Legal Studies and members of MULTILAW, one of the world's leading associations of independent law firms, Media, Advertising, and Entertainment Law Throughout the World provides a concise and current overview of media, advertising, entertainment, and art law in more than 30 countries. This resource provides a starting point for media and entertainment attorneys and business people in understanding the law of other countries. The text is organized by country for easy reference, contains uniformly organized chapters for ease of use, and has useful appendices.

How financial technologies and businesses are going to develop in a sustainable, stable and long-lasting way within the EU

It has been more than 3 years since the General Data Protection Regulation (GDPR) became applicable in the European Union. The Regulation has significantly increased the requirements for organizations processing personal data – controllers and processors, while also introducing high sanctions, with maximum amounts reaching millions of euros. Although a number of organizations have invested significant resources in bringing their data processing processes in line with the new requirements, there are still many violations of these rules. This analysis aims to systematize the most common violations of the data protection rules and to propose means of avoiding them.

In his article for the eighth issue of the European Audiovisual Observatory Newsletter Nikola Stoychev, actively assisted by Christian Ivanov, provides a brief account of the CEM report on the parliamentary vote on 11 July 2021, which presets the data and findings based on the specialised monitoring process of the activity of media service providers during the pre-election campaign. *This publication is also available in German and French.

Senior Associate Nikola Stoychev, assisted by Associate Christian Ivanov, gives a brief state-of-art review of the transposition of EU Directive 2019/789 and Directive 2019/790 in Bulgarian legislation. *This publication is also available in German and French.

The dynamics of modern public relations and the development of information and communication technologies determine the progressively increasing use of video surveillance in everyday life. Many public agencies and private organizations implement video surveillance systems for various purposes – protection of property, protection of life and health of their employees and visitors, access control, control of labor discipline, and the like. And while video surveillance is becoming more accessible from a technological, logistical and economic point of view, it is not that easy to answer the questions of how lawful and proportionate its use is in the light of European and national rules for the protection of personal data and for ensuring the privacy of the individual. This paper aims to analyze some of the most important aspects of the personal data protection regime applicable to video surveillance, such as possible legal grounds for video surveillance; ensuring the principle of transparency and informing the monitored persons about the video surveillance; admissibility of facial recognition as a form of processing of a special category of data, such as biometric data, and other specific obligations under the General Data Protection Regulation and the Personal Data Protection Act related to video surveillance. The above issues are analyzed in the light of European and national practice in the application of personal data protection rules.

For a second year in a row DPC arbitration experts have been invited as contributors to the Austrian Yearbook on International Arbitration. Pencho Stanchev and Martin Zahariev, PhD worked on the Bulgarian part to the chapter Jurisdictional Issues and Arbitration - An International Comparison of the Austrian Yearbook on International Arbitration 2021 with authors Gerold Zeiler and Andrijana Misovic.

In his latest piece for the European Audiovisual Observatory Newsletter Nikola Stoychev, actively assisted by Christian Ivanov, provides a brief overview of the novelties introduced by the new Act for Amendment and Supplement to the Radio and Television Act, which is implementing Directive (EU) 2018/1808 a.k.a the Audio-Visual Media Service Directive. *This publication is also available in German and French.

Over the last decade there has been a constant trend towards digitalization of many traditional processes in business organizations. This trend has accelerated dramatically in recent months due to the anti-epidemic measures introduced against the COVID-19 pandemic, which have led to the mass introduction of remote work (where possible), remote business meetings, negotiations and signing of contract, etc. Perhaps the most important of these processes is the document flow of the organization, i.e. the creation, signing, exchange and storage of documents both inside the organization (e.g. documents created in connection with the work process) and outside it (e.g. documents connected to relations with suppliers, contractors, business partners and potential ones). However, with the introduction of concepts such as contract, concluded remotely, electronic statement (e-statement), electronic document (e-document) and electronic signature (e-signature), many questions arise, as well as fears that the new digital being of documents is not able to guarantee the interests of legal entities in the same way as the good old paper document. This analysis aims to examine the issues of the legal value and importance of e-documents in the context of commercial and civil law. *The publication is in Bulgarian.

In his second piece for the European Audiovisual Observatory Newsletter, Nikola Stoychev, assisted by Christian Ivanov, summarizes the Bill to amend and supplement the Film Industry Act, envisaging various incentives for the promotion of the local film industry, including a new cash rebate aid scheme for the production of audiovisual works, in accordance with Regulation (EU) No. 651/2014. *This publication is also available in German and French.

On 25 May 2018, Regulation 2016/679 (General Data Protection Regulation, GDPR/ the Regulation) became applicable. It introduced a unified regime for the protection of personal data within the European Union, further developing the existing national rules in this matter, adopted by the Member States when transposing the requirements of Directive 95/46 that precedes GDPR. Among the ambitious goals of the European legislator with the adoption of GDPR is to ensure the control of natural persons over their own personal data and to enhance legal and practical certainty for natural persons, economic operators and public authorities. One of the means to achieve this is to expand the scope of some existing rights of data subjects in the processing of their personal data, the establishment of new, hitherto unknown rights, as well as the regulation of reciprocal obligations of the subjects processing personal data – data controllers and processors. In addition, GDPR introduces specific rules on the remedies of the data subjects in case the requirements of the Regulation on the processing of their personal data are infringed. The purpose of this study is to analyze the rules for determining international jurisdiction in proceedings related to infringements of the rules of GDPR. The types of legal remedies that GDPR provides to data subjects are considered - the right to lodge a complaint with a supervisory authority, the right to effective judicial remedy against a supervisory authority and the right to effective judicial remedy against a controller or processor and the rules for determining international jurisdiction over the said proceedings. *The publication is in Bulgarian.

The proceedings of the XXIX FIDE (International Federation for European Law) Congress in The Hague in 2020 are published in four volumes. This book (Vol. 3) contains the reports of the General Rapporteurs (Nicolas Petit and Pieter Van Cleynenbreugel), the Institutional Rapporteur (Thomas Kramler) and the National Rapporteurs on Topic 3: EU Competition Law and the Digital Economy: Protecting Free and Fair Competition in an Age of Technological (R)evolution. The National Rapporteur for Bulgaria is DPC senior associate and renowned competition expert Donka Stoyanova. https://boeken.rechtsgebieden.boomportaal.nl/publicaties/9789462361300#159

In the situation of a pandemic making remote work the new normal, the qualified electronic signature (QES) has become an essential tool enabling lots of people to do their jobs. Martin Zahariev, PhD offers some useful clarifications to employers in connection with the issuance of QES to their employees. *This publication is in Bulgarian.

In his first piece for the European Audiovisual Observatory Newsletter, where he was invited to be a regular contributor, Nikola Stoychev, assisted by Christian Ivanov, summarizes the decision of the Bulgarian competition authority stating that the the introduction of quotas for Bulgarian music through amendment of the Radio and Television Act would restrict competition on the media market. *This publication is also available in German and French.

The alarming and dynamic increase in the number of COVID-19 cases over the past few weeks has seriously raised the question of what measures could be taken in order to curb the spread of the infectious disease in the workplace. May employees be tested for COVID-19? May this be introduced by the employer as a mandatory requirement? May the staff be notified in case of a sick employee? May employers trace contact persons among staff? Do such measures contravene data protection regulations or other requirements? This analysis tries to give some useful guidelines in connection with the above questions. *This publication is in Bulgarian.

Abstract: This analysis aims to clarify the nature of the principles of personal data processing (the Principles). To achieve this goal, the following tasks have been performed: (1) the emergence and evolution of the Principles in historical context are analyzed; (2) their content and practical significance are clarified; (3) a distinction is made between the Principles and the concept of a legal principle; (4) a comparative analysis is carried out with the laws of other countries, such as the California Consumer Privacy Act. As a result of the research, the thesis is substantiated that the Principles have the nature of legal norms of general significance and have established themselves as a kind of standard for personal data protection. *This publication is in Bulgarian.

The COVID-19 pandemic has significantly accelerated digitalisation in all spheres of public life. Many companies have had to move to remote work with almost no preparation, limit their physical meetings with current and potential contractors, and switch fully or partly to electronic document turnover. Some questions were urgently raised of how one can sign remotely, so that the various business processes in the organizations would not be blocked and at the same time a certain level of legal certainty would be achieved, which would guarantee the rights and interests of those signing remotely. Although the legal framework of the electronic document and the electronic signature is not new, but has been operating in Bulgaria and the EU for years, it turned out to be insufficiently familiar and clear for most of the companies. This is the main reason for this analysis, which aims to explore the different possibilities for electronic signing of documents in the ordinary course of business of private entities. *This publication is in Bulgarian.

Europe is facing the rise of the second Covid wave with a new series of restrictions and lockdowns. Rositsa Vasileva and her colleagues from the Meritas European Employment Group provide a useful overview of these restrictions, along with the relevant support measures, covering 14 countries.

This Country Overview of Aid Programs in Selected European Countries was prepared by IBA's Closely Held and Growing Business Enterprises Committee with the support of IBA European Regional Forum (ERF) and aims to allow lawyers around the globe to better serve their international clients – and to allow international companies to understand the specificities of national and regional programmes available in the jurisdictions in which they do business.

Zoya Todorova, Partner, and Rositsa Vasileva, Associate at Dimitrov, Petrov & Co. (DPC), have contributed to an extensive survey conducted by the International Bar Association Antitrust Committee. The survey, covering 44 jurisdictions worldwide, aimed to examine the ways in which the overnight change of the global reality affected the antitrust world, by gathering in a single document a compilation of competition agency reactions to the Covid-19 pandemic.

In the emergency situation caused by the COVID-19 pandemic, employers face many challenges - from seeking to maintain employment and minimize losses to compliance with established anti-epidemic measures and protection of the lives and health of their employees. Martin Zahariev, PhD, examines several processing operations related to counteracting the spread of COVID-19 at the workplace and their admissibility from GDPR and Bulgarian law perspective.

Almost 2.5 years since GDPR became effective, many things have changed. Most importantly, the privacy-awareness has drastically increased among both companies and citizens. Find out what happened during this period in Bulgaria (key legislative changes and most noteworthy cases) in the latest report by our experts Martin Zahariev and Radoslava Makshutova.

The Book “Enhancing the Right to be Present” elaborated within the PRESENT project addresses the direct need of training and receiving insight on the changes that are going to be incorporated in the legislation of EU Member States in order to transpose Directive (EU) 2016/343. The PRESENT partnership unites 6 partners from 6 countries (Bulgaria, Austria, Romania, Slovakia, Cyprus and Portugal) with diverse focus and a wealth of expertise. The publications featured in the book address various topics concerning the right to be present at trial and the presumption of innocence in different Member States. Prof. George Dimitrov and Radoslava Makshutova were part of the Bulgarian team who contributed to the monograph with the article "The Right to be Present at Trial in Criminal Proceedings under Bulgarian Legislation."

Hristo Nihrizov comments the latest developments on the telecom market

Desislava Krusteva comments the proposition for introduction of new global digital tax

Zoya Todorova comments the decision of the Bulgarian Commission for Protection of Competition to carry out an in-depth study of the proposed acquisition of CEZ' business in Bulgaria by Eurohold in the context of the EU guidance and practice regarding non-horizontal mergers. *The publication is in Bulgarian

Martin Zahariev comments on the latest developments of technology and the impact of AI.

Desislava Krusteva summarizes what are the legal and practical challenges to E-commerce related to the requirements for recording and reporting sales and the management softwares.

With few exceptions, cybersecurity in the Bulgarian state and business is at a very low level. Comments by Martin Zahariev on the NRA data leak

The article analyses key moments regarding the regulation of personal data and the employment of new employees.

The monitoring of employees’ activities in the work place is a sensitive and often contentious issue. On the one hand, an employee has the right to privacy and the protection of their personal data, which is enshrined in various human rights, privacy and data protection laws and regulations. On the other hand, employers have a right to monitor their employees to protect their business from abuse, to prevent criminal activity and to ensure occupational safety.

Martin Zahariev comments on the EU Copyright Directive

Desislava Krusteva comments on the regulations on personal data and fiscal devices in ordinance N-18 *The publication is in Bulgarian

Martin Zahariev provides a brief overview of the key amendments in Bulgarian personal data protection legislation in connection with the recent entering into force of the GDPR.

Boyana Milcheva comments on the new FIDIC contracts

The article elaborates on the suggested new requirements for e-shops * This publication is in Bulgarian.

The wording of Article 453, item 1 of the Civil Procedure Code (CPC) before its amendment by the Act for Amendment and Supplement to the Civil Procedure Code (promulgated by SG No. 86 of 2017) regulated the enforceability of transfer and establishment of property rights against creditors with registered foreclosure. However, uncertainties arose in its application when there is a competition between the rights of a creditor with a registered foreclosure and the rights of persons with rights other than rights in rem (mostly tenants and lessees with registered lease or rental agreements). * This publication is in Bulgarian.

*The article is in Bulgarian.

Analysis of the obligation to appoint a DPO and to notify the Commission for Protection of Personal Data. * The publication is in Bulgarian.

Desisalava Krusteva provides a brief overview of the mandatory data protection measures that need to be observed under GDPR. * This publication is in Bulgarian.

The author analyses in details the obligation to maintain a record of processing activities under the GDPR. *The publication is in Bulgarian

A step-by-step guide for achieving GDPR compliance. *The publication is in Bulgarian.

Desisalva Krusteva on the main obligations of data processors under the GDPR