Directorate for Personal Data Protection, Republic of Macedonia
- Legal grounds for the protection of personal data in the national legislation
- Status and the legal position of national DPA
- Legal rights of the Directorate for Personal Data Protection
- Limitations of the national DPA
1. Legal grounds for the protection of personal data in the national legislation
Personal data protection is involved into the Macedonian legislation as integral part of protection of human rights.
The first Law on the Protection of Personal Data was adopted in 1994 to regulate the collection, processing and retention of information. This Law defined legal, organisational and technical measures against the illegal collection, analysis, destruction and disclosure of personal data as well as illegal access to data or databases. In January 2002 this Law was amended, in order to enable an appropriate level of personal data protection, incorporating the principles of the legal processing of personal data, particularly special categories of personal data as established by Directive 95/46/EC. However, implementation of this Law appears to have been sporadic, and the mandated supervisory body for enforcement of the Law was not actually established.
The harmonization of the legislation of the Republic of Macedonia in the area of personal data protection and the establishment of an independent regulatory body became a Government priority activity from 2002. Within the context of approximation of the legislation of the Republic of Macedonia to Directive 95/46/EC, particularly Article 28 stating that "each Member State shall provide that one or more public authorities are responsible for monitoring the application within its territory of the provisions adopted by the Member State pursuant to this Directive", a new Law on Personal Data Protection was drafted in 2004, amended to include the EC recommendations and eventually adopted on 25th January 2005.
2. Status and the legal position of national DPA
For the purpose of supervision over the legality of the undertaken activities while personal data procession and their protection, on the territory of the Republic of Macedonia a Directorate for personal data protection is established as an independent state body acting as legal person on 22 June 2005.
The Directorate is managed by Director which is appointed and dismissed by the Parliament of the Republic of Macedonia upon the proposal of the Government of the Republic of Macedonia.
The Director is appointed for a period of five years with a right to be re-appointed, but no more than twice. The Director of the Directorate has his/her Deputy appointed and dismissed by the Parliament of the Republic of Macedonia upon the proposal of the Government of the Republic of Macedonia for a period of five years.
The function of a Director is incompatible with other public functions or professions.
The Director submits annual report on the work of the Directorate to the Parliament of the Republic of Macedonia. When needed and upon a request of the Parliament of the Republic of Macedonia, the Director submits additional reports.
The annual report on the work of the Directorate shall be published in the "Official Gazette of the Republic of Macedonia".
The Directorate has three Departments: Administrative Inspection and Justice Affairs Department (three Units), Central Register and IT Support Department (two Units) and General Affairs Department (two Units).
For the purpose of regular and efficient performance of the work within the competence of the Directorate, the Director and the employees in the Directorate are authorized:
- to enter any premises and to perform insight into the personal data Collections where a registered systems of personal data Collections is being processed upon presenting adequate individual authorisation and document for official identification;
- to ask for written or oral explanation and to call and interview persons in relation to the personal data Collection which is under examination;
- to ask for presentation of documentation and other data in relation to the subject of control;
- to check the equipment for personal data processing and the equipment where the personal data Collections are stored and
- to order an expert analysis and opinion to be prepared in relation to the work the Controller.
3. Legal rights of the Directorate for Personal Data Protection
Directorate for Personal Data Protection is an independent state institution acting as a legal person. The main competencies of the Directorate for Personal Data Protection are:
- Creator of the policy of implementation of personal data protection:
- delivering by laws on implementation of personal data protection;
- promoting of the basic principles of personal data protection;
- Controller of the legality of personal data processing
- evaluation of the legality of the personal data processing;
- delivering opinions regarding the by laws of the Controllers;
- confirming that the Controllers by laws are in compliance with the provisions of the Law
- Holder of the control of personal data processing operations
- researching and access to personal data Collections created by the Controller by types of subjects and purposes;
- ccontrolling the personal data processing applied by the Controllers and collecting necessary data for regularly performance of its activities;
- checking all cases of cessation of the personal data processing regardless of the reasons which caused the cessation;
- issuing a ban on the further personal data processing by the Controller;
- Recorder of data for the personal data Collections kept by the Controllers, and the transfer of personal data to other states
- keeping Central Register;
- keeping records for personal data transfer to other states;
- Guardian of the natural person's rights in relation to the personal data protection
- acting upon complaints of individuals with regard to violation of the person's rights in relation to the personal data processing;
- taking care of the respect of the data protection principles;
- Representative of the Republic of Macedonia in the field of personal data protection in the international cooperation
- acting upon the requests from the foreign supervisory body of another state for exercising its competencies on the territory of the Republic of Macedonia;
- realizing international cooperation in the field of personal data protection and participating in the work of the international organizations and institutions dealing with personal data protection
4. Limitations of the national DPA
According the Law, the Directorate for Personal Data Protection has competency to supervise public and private sectors. Its competency does not cover the supervision of:
- personal data processing performed by natural persons exclusively for personal or household activities and
- personal data processing for the purpose of protection of the interests of the security and defence of the Republic of Macedonia or to conduct criminal procedure.
Directorate for Personal Data Protection
bul.„Goce Delcev“ no. 18
1000, Skopje, R.Macedonia