North Macedonia: Support to the Implementation of the Modernised Data Protection Legal Framework

EU Twinning Project

Support to the Implementation of the Modernised Data Protection Legal Framework, North Macedonia
June 2021 – October 2022
IRZ Juniorpartner
Budget: 600.000 Euro
Responsible at the IRZ: Katharina Tegeder

The Twinning project "Support to the Implementation of the Modernised Data Protection Legal Framework" has a duration of 15 months and a budget of EUR 700,000. The project started in June 2021 and is implemented by IRZ as junior partner together with the Croatian Personal Data Protection Agency as senior partner.

In 2017, in response to EU recommendations, a process was initiated to transpose the EU General Data Protection Regulation 2016/679 (GDPR) into a new law on the protection of personal data in North Macedonia. The resulting new law was approved by the Parliament and entered into force on 24 February 2020. However, the process of transposing Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 (Police Directive) into a new law has only started in October 2020.

The Twinning project will support the preparation of guidelines necessary for the implementation of the new law. It will develop a specific guide for harmonizing sectoral legislation with the new law, which can be used by ministries and other relevant institutions when drafting new legislative proposals and reviewing and amending existing laws.

The project aims to improve the performance of the Personal Data Protection Agency (PDPA) in implementing the modernised data protection framework by strengthening institutional capacity, the legal and regulatory framework, and public awareness of data protection.

The project is composed of three components:

First component: strengthened legal and institutional framework for personal data protection

This component aims to ensure that the new law on personal data protection can be successfully implemented in the country. The measures envisaged include providing guidelines for the implementation of the law, improving the standard operating procedures of the competent authorities, and harmonising sectoral regulations with the new data protection framework.

Second component: training for the implementation of the new law

The second component focuses on building the capacity of relevant stakeholders to implement the new data protection framework in accordance with European best practices.

The target groups for capacity building are:

- the staff of the Northern Macedonian Data Protection Authority,

- representatives of government institutions and law enforcement agencies.

Third component: raising awareness of the new data protection framework

The third and final component addresses the provision of tools and resources to data processors and controllers tasked with complying with the new data protection framework. It also focuses on providing practical information to data subjects to enable them to exercise their enhanced rights in the area of personal data protection.