Personal Data Protection

The new law for personal data protection transposing the EU’s General Data Protection Regulation (GDPR)  in North Macedonia is effective as of February 2020, and the transition period for compliance ends in August 2021!

With the new changes, unlawful collection or storage of personal data as well as a personal data breach could cost your organization a financial penalty of up to 4% of the total annual turnover.

Number of new obligations have been introduced with the new law, such as:

  • obligation to apply personal data protection in the design and implementation of every service, product or business process  
  • obligation to maintain a record of processing activities
  • obligation for transparency and effective response to data subject rights to access, correct, erase, port and object to their data processing;
  • obligation to perform a privacy impact assessment for high risk data processing activities;
  • obligation to notify the data protection authority of data protection breaches

The new requirements are complex and ask for a risk-based approach, therefore companies must begin remediation efforts to ensure compliance. 

Our team of experts with extensive experience in personal data protection, IT security and risk management, is ready to help you with all the challenges ahead. 


Discover our services:

Gap Analysis

Your challenges

  • Have you assessed the readiness of your organisation in relation to the new Law on personal data protection and GDPR?
  • Have you identified key stakeholders within the organisation?
  • Are you aware of the main risks for the organisation related to implementation of the new Law for personal data protection and GDPR?
  • Have you identified the possible areas of improvement?
  • Did you prioritise the remediation steps of your compliance project in an actionable roadmap with manageable deadlines?

What does it include?

Comprehensive personal data protection health-check of your organization, whilst involving and training the key stakeholders;

Identification of risks by data privacy experts;

Specific recommendations tailored to your organisation;

Detailed action plan adapted to your situation.

Key benefits

Timely assistance by a team of legal and IT experts in the field;

Continuous communication with you in the project, ensuring alignment with ongoing projects;

Standardized and proven risk assessment approach throughout the organisation.

Key deliverables

Gap & risk identification report, including recommendations to address identified gaps;

Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits".

Implementation Assistance

Your challenges

Is the understanding of the Law on personal data protection and GDPR sufficient to draft policies and procedures, covering all necessary areas?

Were you able to identify all personal data processing activities?

Do you have experienced resources available to implement your remediation plan?

How do you ensure a correct "roll-out" and "buy-in" of the implemented measures within the organisation?

How do ensure proper change management in your organisation?

What does it include?

Application of best practices and adapting them fully to your organisation;

Drafting of relevant procedures and policies;

Assistance with change management.

Key benefits

Timely implementation by a team of experts in the legal and IT field;

On-the-go training and continuous involvement of your stakeholders;

Enjoying flexibility and a tailored approach, aligned with your organisation's business objectives.

Key deliverables

Drafting relevant policies and procedures;

Inventory of personal data processing;

Control framework for IT security;

Developing monitoring tools.

DPIA Completion

Your challenges

Have you correctly identified all high-risk personal data processing activities requiring a DPIA?

Do you have a proper methodology to conduct DPIAs?

Did you consider all mandatory steps of a DPIA?

Are you sure to have correctly assessed the corresponding risks?

Have you discussed with the appropriated persons, when conducting the DPIA?

What does it include?

An evaluation of processing activities requiring a DPIA;

Identification of the relevant risks;

Assessment of the risks, security measures in place and evaluating the remaining risks.

Key benefits

Timely performance of tasks by a team of experts in the field;

Involvement of and consulting the DPO at each step of the DPIA process;

Involvement of the personal data processing owners;

"Outsider" view of the organisation and risk assessment approach.

Key deliverables

Tailored DPIA methodology;

List of processing activities, where a DPIA is required;

Completed DPIAs, including risk assessments, evaluations and conclusions.

DPO Expert as a Service

  • inform and advise the Company and its employees who carry out processing of their obligations pursuant to applicable regulations for personal data protection;
  • representation before the Agency for Personal Data Protection, on issues relating to data processing, including communicating and providing information and explanations, prior consultations, etc.
  • performing regular controls of the compliance of the Company with the personal data protection regulations and with the policies of the Company in relation to the protection of personal data;
  • awareness-raising and training of staff involved in processing operations;
  • providing advice and support in regard to the data protection impact assessment process, when applicable;

Contact us

Ivan Mishev

Ivan Mishev

Attorney-at-law , Papazoski and Mishev Law Firm, Macedonia

Tel: +389 23140 940

Kiril  Papazoski

Kiril Papazoski

Attorney-at-law , Papazoski and Mishev Law Firm, Macedonia

Tel: +389 23140 940