1. You are one of the founders and president of Privacy, an association for the protection of personal data. What is the purpose of forming such an association?
THE NATIONAL ASSOCIATION FOR PROMOTION OF THE RIGHT TO PERSONAL DATA PROTECTION is a voluntary, non-profit, non-governmental, non-partisan association of citizens, established by the free association of citizens for the purpose of exercising data as well as all those who work as officers for personal data protection or have job responsibilities in the scope of personal data protection on the territory of the Republic of North Macedonia and beyond, and in accordance with the Constitution and the Law.
Citizens join the Association as a non-profit organization of interested professionals in the field of personal data protection, to strengthen the capabilities and capacities of personal data protection officers, but this is also an association of all those who are active in the field of personal data protection. data or are involved or show interest in protecting the rights and freedoms of personal data subjects.
The association is also aimed at raising public awareness on personal data protection in the Republic of North Macedonia by promoting dialogue and debates on topics of common interest, training and the like, sharing ideas, as well as developing, clarifying and improving legislation in terms of of personal data protection, but also submitting requests and representation of personal data subjects before the competent authorities for exercising the right to personal data protection.
2. The deadline for harmonization of the companies’ operations with the new Law on Personal Data Protection expires soon. What are the obligations of the new law and what would you recommend to the companies?
The obligations of the new legislation are not small, the challenge is great, so I recommend the companies and everyone else to whom this Law refers to immediately start taking measures and activities to implement the law and the first thing to do is to appoint to an authorized person for protection of personal data-officer because that person is in fact the bearer of the law enforcement activities in the company. Each company should make a detailed analysis of the need to appoint an officer, and in case of doubt whether or not it should, it is recommended to still appoint such an officer. Criteria for appointing an officer are:
– If the core business of the company requires regular and systematic large-scale monitoring of data subjects, and
– If the core business of the company consists in processing specific categories of large-scale personal data.
However, the deciding factor for the appointment of an officer must be his / her professional abilities, especially his / her professional knowledge of law and practice. The good thing about the new law is the possibility to hire an external officer, unlike the old law when that person had to be among the employees with the fact that during the work there was often a conflict of interest in the work and quality of the delivered results was not at an enviable level in many cases.
For that purpose, the Association itself got involved in supporting the implementation of the law by offering a service for hiring an external officer from professionals who are part of our team.
3. Do you think that in our country are created all the conditions for personal data protection, especially whether the regulation provides sufficient protection for personal data subjects?
I definitely agree that we have created all the preconditions for personal data protection by completing the legislative framework. Several more bylaws are missing which we hope the Regulator will be able to adopt as soon as possible. But it is a segment the overall picture of the area. But it must be borne in mind that like any other area, this is a living matter that changes and complements through practice. The more difficult part is the practical application of the regulations in the work of the controllers and processors, which in itself is a huge challenge on the one hand and the increased public awareness of the citizens for the increased rights offered by the law who will be more and more active to seek or protect their rights, thereby creating additional obligations for companies.
4. You were also the Director of the Agency for Personal Data Protection at one time, how do you assess the protection of personal data in North Macedonia, is there effective protection?
This question might be more adequately answered if it is addressed to the Agency for Personal Data Protection, but my personal opinion and perception is that it is not enough just to pass the laws but also to implement them, which of course according to the same laws, are competent precisely regulatory bodies such as the Agency. In order to achieve any progress in the implementation of the law, it would be more than desirable to increase the number of planned activities of the regulator both to raise public awareness of the matter, and to support controllers and processors to achieve greater compliance. with the regulations for personal data protection.