Data controllers and data processors had until 24 August 2021 to align with the new Law on Personal Data Protection in North Macedonia (“Law”), which introduced the GDPR in the local legislation at the beginning of 2020. Non-compliance with the new obligations for personal data protection can lead to severe penalties, such as fines of up to 2% and up to 4% of the total annual turnover from the previous financial year, per misdemeanor.
However, according to the latest announcements by the Ministry of Justice, in the next six months the Agency for Personal Data Protection (“Agency”) will assist the companies in the implementation of the new rules through education and corrective measures, rather than directly issue any fines. In case any non-compliance is detected, the Agency will allow the company to rectify the irregularity within a certain deadline. The Agency has already prepared and published to its website a set of guidelines for proper implementation of the Law and is open for communication with all relevant parties regarding the obligations under the Law.
Companies should use this informal six months holiday from the implementation of the severe penalty policy and work on ensuring compliance with the personal data protection regulation. The process can be demanding so companies should address any non-compliance as promptly as possible.
The information in this document does not constitute legal advice on any particular matter and is provided for general informational purposes only.
By Veton Qoku, and Ljupka Noveska Andonova, Independent Attorneys at Law in cooperation with Karanovic & Partners