Privacy Law at North Macedonia
North Macedonia's data protection framework is governed by the Law on Personal Data Protection, adopted in February 2020 and fully implemented by August 24, 2021. This legislation aligns closely with the European Union's General Data Protection Regulation (GDPR), reflecting the country's commitment to safeguarding personal data and privacy.
📜 Key Provisions of the Law
1. Principles of Data Processing The law establishes fundamental principles for data processing, including
Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
2. Rights of Data Subjects Individuals are granted several rights concerning their personal data
Right to access: Obtain confirmation of data processing and access to personal data
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of personal data under certain conditions
Right to restrict processing: Limit the processing of personal data
Right to data portability: Receive personal data in a structured, commonly used format
Right to object: Object to data processing based on legitimate interests or direct marketing
Rights related to automated decision-making: Not to be subject to decisions based solely on automated processing, including profiling citeturn0search2
3. **Data Protection Officer (DPO)** The appointment of a DPO is mandatory when
- Processing is carried out by a public authority - Regular and systematic monitoring of data subjects occurs on a large scale - Processing involves special categories of data or data related to criminal convictions on a large scale citeturn0search8
4. **Data Protection Impact Assessment (DPIA)** A DPIA is required when processing is likely to result in a high risk to individuals' rights and freedoms, particularly in cases of
- Systematic and extensive evaluation of personal aspects based on automated processing - Large-scale processing of special categories of data - Use of new technologies citeturn0search8
5. Breach Notification Data controllers must notify the Personal Data Protection Agency (PDPA) of a personal data breach within 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms citeturn0search6
🏛️ Supervisory Authority
The Personal Data Protection Agency (PDPA) is the independent authority responsible for overseeing the implementation of data protection laws in North Macedoni. It has the authority t: Monitor compliance with data protection law. Issue guidance and recommendation. Impose sanctions for non-compliance. Promote awareness and education on data protection.
🌍 International Alignment
North Macedonia has ratified Convention 108+, the modernized version of the Council of Europe's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Daa This ratification underscores the country's commitment to international data protection standards.
⚖️ Penalties for Non-Compliance
Violations of the data protection law can result in:
*Administrative fines: Up to 4% of the annual turnover of the offending entity.
*Criminal sanctions: For unauthorized collection or misuse of personal data.
*Civil liabilities: For damages caused by unlawful data processing.
✅ Summary
North Macedonia's data protection framework is robust and aligns with European standards, offering comprehensive rights to individuals and imposing stringent obligations on data controllers The PDPA plays a pivotal role in ensuring compliance and fostering a culture of data protection within the county.
RELATED Blog
0 comments