Personal Data Protection Agency of North Macedonia, Croatian Personal Data Protection Agency and German Foundation for International Legal Cooperation (IRZ) oganised a kick-off meeting to present Twinning project “Support to the Implementation of the Modernised Data Protection Legal Framework”, which was held in Skopje on 30 September 2021. The event was attended by the high government officials, representatives from the EU delegation in North Macedonia, representatives of data controllers public authorities and private sectors, data protection experts from Croatia, Germany and North Macedonia.
The new Law on Personal Data Protection is in the focus of the project “Support to the Implementation of the Modernised Data Protection Legal Framework”, aimed at improving protection of fundamental human rights and the national system of personal data protection in compliance with standards under the EU acquis, as well as to improve operation of the Agency for Personal Data. The Law on Personal Data Protection transposes the General Data Protection Regulation (GDPR), and as well as GDPR, introduces significant changes: it introduces new definitions and concepts, imposes new obligations for data controllers and processors and enhances data subject’s rights.
In the first part of the event, high government officials Mr Bojan Maricic, Minister of Justice of the Republic of North Macedonia, H.E. Nives Tiganj, Ambassador of the Republic of Croatia, Mr Steffen Hudolin, Head of Cooperation at the EU Delegation, Mr Otto Graf, Deputy Head of Mission at the Embassy of the Federal Government of Germany, Mr Imer Aliu, director of the Personal Data Protection Agency and Mr Zdravko Vukić gave keynote speeches.
Minister of Justice, Mr Bojan Marichikj stressed that the new Law on Personal Data Protection represents a significant step forward in terms of personal data and privacy protection, whereby our country keeps the pace with the modern and developed world where data protection is assigned great importance.
“We live in the era of digital transformation where information technologies are part of our everyday life. Personal data circulate in the cyber world like never before, making protection thereof a particular challenge. With the adoption of the new law in February last year, the country has timely recognized the trend of personal data protection across Europe and set this topic high on the agenda for transposition of EU acquis in the national legislation”, emphasized the justice minister Marichikj.
In his opinion, this positive step was recognized and noted in the European Commission’s Country Report for 2020 and that serves as a motive to continue the reform.
“We can all agree that a country with candidate status for EU membership taking steps for continuous alignment of its legislation with that of the EU should be welcomed, as GDPR sets higher standards and has a binding effect”, said Marichikj.
Elaborating the law, the justice minister indicated that in case of law infringements, companies will be allowed a period of time to correct their actions, while in respect to fines, it was discussed for the issue to be reviewed and to see how it will function in the practice.
“Previously, comparative analyses need to be conducted on the amount of fines, and if they establish a possible need for their adjustment, the dialogue will be opened again”, said Marichikj.
The minister stressed that in respect to advancing legislation on personal data protection, two months ago the Government adopted the Proposed Law on Protection of Natural Persons in Respect to Processing of Personal Data for the Purpose of Preventing, Investigating, Detecting or Prosecuting Criminal Offences and Execution of Criminal Sanctions, popularly known as the Law Enforcement Directive.
Head of Cooperation at the EU Delegation, Mr Steffen Hudolin, underlined that, on its path to full-fledged membership, North Macedonia has demonstrated respect for human rights and implements all laws on personal data protection.
“We would like to welcome good progress made in this regard thus far and that comprehensive legal framework and regulations are adopted for the implementation of GDPR”, he said underlying that the law is one of the best in this part of Europe.
However, Mr Hudolin indicated that adoption of the law is not sufficient and that its implementation is an area where efforts are needed.
“Implementation of the law and sensitivity of this issue requires training and education for people in the public and private sector and increased public awareness on the need for personal data protection, he stressed, indicating that the Agency needs to have sufficient capacity and resources, i.e. it needs to recruit additional people”. He urged the authorities not only to secure funds, but to also ensure retention of experts for personal data protection, especially at the Agency.
Mr Imer Aliu, Director of the Agency for Personal Data Protection, stressed that the new legislation expanded their competencies and the scope of work, which will inevitably require greater engagement.
“As a result of this, we expect support from all relevant institutions to strengthen and advance our staff. A challenge for the Agency remains the need of trained staff, especially IT experts that are of key importance for the implementation of the new legislation related to modern technologies. Financial support is also needed, and more generally, ensuring the independent status of our institutions. The Agency should provide support and prevention, and should promote its role.”, said Aliu.
Mr Zdravko Vukić, Director of the Croatian Personal Data Protection Agency pointed out partners in this EU-funded Twinning project together can achieve sustainable results. Through this project, new working relationships will be established and further cooperation between North Macedonian, Croatian and German institutions will be facilitated, even beyond the project’s timeline.
“In today’s world more than ever before personal data needs to be effectively protected as part of a human-centric approach to the opportunities and challenges of the digital era and Artificial Intelligence. Data Protection Authorities play a key role in this important task, and will have even more significant role in the future”.
After keynote speeches the audience was introduced with the project goals and results of the survey conducted with data controllers in North Macedonia. Ms Sanja Silaj Zeman, Resident Twinning Adviser and Head of Department for the EU, International Cooperation and Legal Affairs from AZOP, gave presentation on specific project purposes, results to be achieved in three components of the project and activities to be implemented.
Ms Anamarija Mladinic, Senior Adviser Specialist in AZOP and short term expert within component 3 dedicated to raising awarenes activities for data controllers and citizens, presented the results of the survey conducted online on an anonymous basis with data controllers in North Macedonia. The purpose of conducting the survey was to help data controllers to identify their obligations arising from the Law on Personal Data Protection (LPDP) and to facilitate a better understanding of the LPDP. In addition, it will help PDPA experts and experts engaged in the Twinning project to gain deeper insights into the needs of data controllers in North Macedonia. Based on the findings of the survey, short-term experts in the Twinning project will develop guidance and accountability tools tailored to the needs of data controllers in North Macedonia, and in this way support them to achieve accountability and demonstrate compliance.
In the second part of event, the audience had the opportunity to participate in the interesting panel discussion titled „New data protection legal framework: challenges and opportunities for organisations”, moderated by the deputy director of the Personal Data Protection Agency of North Macedonia, Mr Igor Kuzevski. Panelists Mr Igor Vulje, deputy director of the Croatian Personal Data Protection Agency, Ms Elisabeth Dühr, short term expert and component leader of the first component, Ms Biljana Volceska, Senior Legal Adviser, Papazoski and Mishev Law Firm and Mr Arben Gudaci, Lawyer, Macedonian Young Lawyers Association, where exchanging their thoughts and experiences in relation to the implementation of the new data protection legal frameworks. The main conclusion is that data protection authorities, NGOs, SMEs all around Europe are facing similiar issues while trying to implement the new modernized data protection legal frameworks. There is a lot of hard work ahead of us, and we will be very busy working together in the coming months, and that’s how it should be if we want to address challenges and opportunities effectively.