On December 25, 2024, the Personal Data Protection Agency of the Republic of North Macedonia adopted a new Rulebook regarding the security of personal data processing. This regulation replaces the earlier 2020 legislative act and aims to enhance personal data protection while aligning the country’s practices with European standards, particularly the GDPR. As a result, businesses must adapt to the updated framework.
The new Rulebook provides clear guidelines for data controllers and outlines their responsibilities in safeguarding personal data. It emphasises the need to plan, implement, review, and update both technical and organisational measures. These actions reduce risks associated with data processing and ensure compliance with personal data protection laws. Therefore, data controllers must prioritise these tasks to avoid potential violations.
The Rulebook introduces important terms that data controllers must understand:
Data controllers must establish a functional, sustainable information system that complies with the Rulebook’s guidelines. This includes:
The Rulebook will come into effect on July 1, 2025, giving data controllers a transition period to align their practices with the updated requirements. During this period, organisations must review and update their systems, conduct risk assessments, and implement the necessary measures to comply with the new guidelines. Organisations must act promptly to avoid delays.
The Rulebook focuses heavily on risk management. Data controllers must assess the potential impact of data processing activities on individuals’ rights and freedoms. They must take proactive steps to reduce these risks. Additionally, controllers must regularly test information systems to ensure they function as intended and maintain the required level of security. Testing and ongoing improvements are essential for maintaining data protection standards.
The Rulebook also addresses the conditions under which personal data may be transferred to third countries. Controllers must ensure that such transfers comply with local data protection laws and international standards to protect personal data throughout its lifecycle. Organisations must handle cross-border transfers in compliance with the applicable legal framework.
Although North Macedonia is not yet an EU member, its data protection laws align closely with the EU’s GDPR. This alignment ensures that businesses operating in North Macedonia meet similar standards to those in the EU, particularly regarding data processing, security measures, and penalties for non-compliance. In effect, businesses in North Macedonia are preparing for the possibility of future EU membership.
The new Rulebook on personal data processing introduces significant changes to how personal data must be handled in North Macedonia. Data controllers must ensure full compliance by July 2025 and align their practices with international standards. This regulation strengthens data protection in North Macedonia and facilitates the country’s progress toward greater alignment with the EU’s data protection framework.
360 Business Law helps businesses navigate complex legal frameworks, including data protection and security. With the new Rulebook in place, organisations must act quickly to ensure compliance and protect personal data. 360 Business Law provides expert legal guidance, helping businesses in North Macedonia and beyond align with international standards like the EU’s GDPR.