top of page

NORTH MACEDONIA (FORMERLY MACEDONIA) - Data Protection and GDPR Review


The history of data protection in North Macedonia, formerly known as the Republic of Macedonia, is deeply intertwined with the country's political and economic transformations, as well as its aspirations to align with European standards. North Macedonia has been working towards harmonizing its legal framework with the European Union (EU), especially in the area of data protection.


Pre-European Influence


Before the push for European integration, data protection in North Macedonia was limited and primarily based on basic provisions related to privacy and individual rights in the constitution and criminal law.


Initial Legislation


In the early 2000s, Macedonia started to make efforts to align its laws with European standards. The Law on Personal Data Protection (LPDP) was first adopted in 2005. This was one of the crucial steps toward establishing a framework for data protection.


Data Protection Authority (DPA)


In conjunction with the LPDP, North Macedonia established an independent supervisory body, known as the Directorate for Personal Data Protection (DPDP), responsible for ensuring the enforcement of the law. This body deals with complaints, performs audits, and works to raise awareness about data protection issues.


EU Alignment


As a candidate country for EU membership since 2005, North Macedonia has been working to align its legislation with EU standards. The LPDP has undergone amendments to adapt it closer to the principles of the EU Data Protection Directive (95/46/EC), which was the EU's primary data protection law before the GDPR.


2019 Amendments


In 2019, the country amended its Law on Personal Data Protection to further align with the EU's General Data Protection Regulation (GDPR). These amendments were considered an important step in preparing the country for future accession negotiations with the EU. The amendments aimed to ensure greater protection for data subjects and set stricter obligations for data controllers and processors.


Privacy Concerns in Public Discourse


Data protection has also become a topic of public interest in North Macedonia, especially concerning digital privacy and the use of surveillance cameras in public areas. The Data Protection Authority has been increasingly active in this debate.


Ongoing Efforts


Efforts are ongoing to harmonize legislation and practices with the GDPR and other European norms fully. Training, public awareness campaigns, and improvements to the legal framework are continuously underway.


Future Outlook


As North Macedonia continues its journey toward EU accession, it is expected that the country will further tighten its data protection laws and continue to align them with European standards. This will likely include new rules, higher fines for violations, and a broader scope of protections.


While North Macedonia has made significant strides in data protection, there are still gaps and challenges to address. The country will likely continue to evolve its data protection strategies as it moves closer to European integration.


Data protection has been a priority in North Macedonia, particularly as the country aims to align its laws and practices with the European Union (EU) standards, including the General Data Protection Regulation (GDPR). This guide provides an in-depth look at the status and implications of data protection in North Macedonia, especially in light of the GDPR.


Guide of Contents


1. Regulatory Bodies

2. Key Principles of Data Protection

3. Law on Personal Data Protection (LPDP)

4. GDPR Alignment

5. Rights of Data Subjects

6. Consent Requirements

7. Data Breach Reporting

8. International Data Transfers

9. Compliance for Businesses

10. Penalties and Enforcement

11. FAQs

12. Future Trends


1. Regulatory Bodies


- Directorate for Personal Data Protection (DPDP): The supervisory authority tasked with overseeing data protection compliance in North Macedonia.


2. Key Principles of Data Protection


Much like the GDPR, North Macedonia's amended LPDP emphasizes:


- Lawfulness and Transparency: Clear consent and lawful processing.

- Purpose Limitation: Specific, explicit purposes for data collection.

- Data Minimization: Process only the necessary data.

- Accuracy: Keep data up-to-date.

- Integrity and Confidentiality: Ensure data security.


3. Law on Personal Data Protection (LPDP)


Adopted in 2005, the LPDP has undergone various amendments to move closer to EU standards. The law outlines the rights of data subjects, duties of data controllers, and sets up the DPDP.


4. GDPR Alignment


Amendments in 2019 further aligned the LPDP with the GDPR, particularly enhancing data subject rights and imposing stricter requirements on data controllers and processors.


5. Rights of Data Subjects


In line with GDPR, the LPDP grants:


- Right to Access: Individuals can request access to their data.

- Right to Rectification: Correction of inaccurate data.

- Right to Erasure: Also known as the “right to be forgotten.”

- Right to Object: Objection to data processing.

- Right to Data Portability: Transfer of data upon request.


6. Consent Requirements


Consent must be informed, freely given, specific, and unambiguous. Where minors are concerned, the LPDP may prescribe specific conditions such as parental consent.


7. Data Breach Reporting


Data breaches must be reported to the DPDP. Notification requirements and timelines might vary but are generally in line with GDPR’s 72-hour reporting window.


8. International Data Transfers


Transfers to countries outside of North Macedonia are permitted if the recipient country offers an adequate level of data protection, akin to GDPR requirements.


9. Compliance for Businesses


- Data Protection Officer (DPO): Not mandatory for all, but businesses processing large volumes of sensitive data might require one.

- Record-Keeping: Businesses must maintain records of data processing activities.

- Data Protection Impact Assessment (DPIA): Required for high-risk processing activities.


10. Penalties and Enforcement


Non-compliance could lead to administrative fines and even criminal penalties, although these are generally not as steep as GDPR penalties.


11. FAQs


- **Is North Macedonia GDPR compliant?**: While not an EU member, North Macedonia has made significant efforts to align its LPDP with GDPR.

- **Who oversees data protection?**: The Directorate for Personal Data Protection (DPDP).


12. Future Trends


- EU Accession: As North Macedonia moves closer to EU membership, further alignment with GDPR is expected.

- Technological Developments: Issues like AI, facial recognition, and data analytics will likely shape future amendments.


Conclusion


While North Macedonia is not a part of the EU, its data protection laws are increasingly aligned with GDPR standards. Organizations operating in the country should be aware of local laws, especially as North Macedonia continues to harmonize its regulations with the EU. Always consult legal experts for advice tailored to specific circumstances.


Comments


bottom of page