Application of the General Data Protection Regulation


Pursuant to the General Data Protection Regulation (GDPR), an EU regulation which will take effect in Croatia on May 25, 2018, the Data Subject must be clearly and unambiguously informed about the purpose for collecting and processing personal data. As announced previously, the Croatian National Tourist Board has prepared a brief tourist information notification, which states the legal basis for collecting and the purpose for processing personal data entered in the e-Visitor system.

The relevant notification has been translated into several languages, and the individual versions are published on  

The notification has an informative character and its purpose is to inform the tourists of the following:  

(a) the purpose of processing;

(b) the categories of personal data being processed;

(c) the recipients and categories of recipients to which personal data have been or will be disclosed;

(d) the envisaged personal data retention period.  

We kindly ask that you present the above-mentioned written notification, together with the related explanation, to the guest when you request him/her to provide you with an identification document for the purpose of entering his/her data in the eVisitor system.  

Just to Remind You:  You are not required to obtain the tourist's consent in order to be able to inspect the personal data indicated on his/her ID card or some other identification document since you have a valid legal basis for doing so. However, you are not allowed to copy or store such ID card or other identification document for the purpose of entering the relevant data in the eVisitor system or for the purpose of having such data stored 'just in case' or for some other purpose, since that would qualify as excessive personal data processing. Excessive personal data processing represents a violation of the fundamental principles of personal data processing, primarily the principle of data minimization and the principle of storage limitation, for which the GDPR prescribes the most severe fines.


Useful information