News

The year 2024 was a very busy one for the Macedonian Personal Data Protection Agency

The Macedonian Personal Data Protection Agency adopted a new Strategy for the implementation of the right to personal data protection and a new Rulebook on the security of personal data processing, in parallel with an increase in the number of supervisions conducted.

The year 2024 was a very busy one for the Macedonian Personal Data Protection Agency (hereinafter referred to as the “Agency”).

Strategy for the Implementation of the Right to Personal Data Protection in the Republic of North Macedonia for the period 2025–2030

First, the Agency adopted the new Strategy for the Implementation of the Right to Personal Data Protection in the Republic of North Macedonia for the period 2025–2030 (hereinafter referred to as the “Strategy”). The Strategy outlines four key goals for the next five years in implementing the right to personal data protection:

1. Ensuring the complete autonomy and independence of the Agency through the adoption of amendments to the Law on Personal Data Protection in order to guarantee the Agency’s financial and human resource independence; strengthening the Agency’s capacities; and amending sectoral legislation relating to misdemeanors.

2. Harmonising legislation, namely by adopting a law for the transposition of the Law Enforcement Directive (the so-called Police Directive); aligning national laws with EU legislation in the field of personal data protection; and harmonising legislation with respect to digitalisation processes.

3. Fostering a continuous increase in the culture of personal data protection by strengthening cooperation with supervisory bodies for personal data protection and other international organisations and bodies; maintaining ongoing collaboration with the public, private, and civil sectors; providing training on personal data protection; and enhancing the transparency and visibility of the Agency.

4. Implementing accountability tools, including improving accountability mechanisms to enhance controllers’ compliance; promoting certification and codes of conduct; networking personal data protection officers; and undertaking activities to improve the position of personal data protection officers.

 

Rulebook on the Security of Personal Data Processing

In addition, the Agency adopted a new Rulebook on the Security of Personal Data Processing (hereinafter referred to as the “Rulebook”), which entered into force in July 2025. Under this Rulebook, controllers and processors must align their processes within six months. The Rulebook sets out measures and guidelines for ensuring the security of personal data and specifies the technical and organisational measures that must be implemented to guarantee the integrity, confidentiality, and availability of the data.

Annual Report for 2024

On the other hand, according to the Agency’s Annual Report for 2024, the number of supervisions conducted in 2024 increased by 30% compared to the previous year.

Statistically, across all areas subject to supervision in 2024, a total of 338 supervisions were carried out, including:

1. 18 regular supervisions, conducted in:
2. Private health institutions, where the Agency found that personal data protection procedures were established but required improvement;
3. Employment agencies, where the Agency determined that personal data protection procedures were at a very low level and required immediate improvement;
4. National banks. This supervision began in 2024 and will continue in 2025 to cover all national banks, with results to be published in the Annual Report for 2025.
5. 304 extraordinary supervisions related to violations of personal data security; publication of personal data by public authorities; video surveillance in sales, hospitality, healthcare, and finance sectors; retention of personal documents (ID cards and passports) by hoteliers; processing of genetic data of football club members; video surveillance in residential buildings and public areas; and digital marketing without prior consent.
6. 16 follow-up (control) supervisions.

As a result of these activities, five requests for initiating misdemeanor proceedings were submitted to the Misdemeanor Commission at the Agency.

From the above, it may be concluded that the Agency has delivered significant results and accomplished a considerable volume of work, notwithstanding the challenges posed by staffing constraints and limited resources.

 

Article provided by INPLP member: Jasmina Brezovska (BONA FIDE, Macedonia)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)