Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

GDPR and its influence outside EU - Why, What, Who, When, How (Macedonia’s case study)

15.05.2018

GDPR is knocking on the door. Being a Europe’s country, and not being a European Union member country yet, does not release the country from its duty to do its best, to be compliant with GDPR.

Why?

The simplest answer would be, to be aligned with EU acquis. But the true answer is far more complex and logical. Real answer is actually to "acknowledge" the fact that, unlike before, today the processing of personal data is increasingly being carried out in an automated manner, and consequently to establish the protection of personal data and setup a privacy law in connection with the personal data processing in the new era. Additionally, it’s because of the country’s citizens and all data subjects in broader sense that live, work, study or stay in that particular country. Namely, in case of a scandal that is related to personal data breach, in this modern digital world, from data subject’s point of view, there is not much of a difference whether you are coming from EU or non EU country. On the other hand, if the country wants to achieve adequacy level regarding personal data protection, and hence secure free (less administrative) flow of information that contains personal data, then aligning with, and transposing GDPR is a must.

What?

GDPR is so powerful that even a narrow study will show that each and every non EU country from the Balkan Peninsula is preparing, or have prepared already, a law that will transpose it. Republic of Macedonia is not an exception. That is not on the occasion of GDPR only, but mainly because of the new and enhanced solutions in GDPR such are the new concepts (profiling, pseudonymization, genetic data, biometric data...); Principle of accountability; Right to be forgotten; Privacy by Design and by default; Data Privacy Impact Assessment; Data breach notification; Binding corporate rules…

Who?

Personal Data Protection Agency (PDPA), controllers and processors, all interested parties. PDPA will be the main locomotive that will pull in this process of aligning with GDPR. But locomotive without wagons could never be a train. Hence, all controllers, processors and other stakeholders will have to attach to the locomotive in order to have real personal data protection environment that secures privacy of all data subjects. 

When?

Macedonian law was submitted to the Delegation of EU to Skopje for an opinion, last January. We received expert opinion last march. It is expected that law will be adopted by the Parliament by the end of first half of this year (2018).

How?

After the adoption of the Law during 2018, PDPA will harmonize its operations and legislation by: adoption of all by-laws, participation in the harmonization of sectoral legislation, controllers and processors shall be obliged to harmonize their operation with the provisions of this Law within the appropriate period from the day this Law enters into force. 

 

Article provided by: Igor Kuzevski, Directorate for Personal Data Protection in Macedonia

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Höllwarthtobias.hoellwarth@eurocloud.org

VIEW PROJECT

WHAT IS THE DPC/CPC PROJECT?

53 lawyers from 33 countries are contributing to the project “Data Privacy Compliance (DPC)/Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More

 

CPC MISSION & VISION STATEMENT, 2018

The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.