The new law for personal data protection transposing the EU’s General Data Protection Regulation (GDPR) in North Macedonia is effective as of February 2020, and the transition period for compliance ends in August 2021!
With the new changes, unlawful collection or storage of personal data as well as a personal data breach could cost your organization a financial penalty of up to 4% of the total annual turnover.
A number of new obligations have been introduced with the new law, such as:
The new requirements are complex and ask for a risk-based approach, therefore companies must begin remediation efforts to ensure compliance.
Our team of experts, with extensive experience in personal data protection, IT security and risk management, is ready to help you with all the challenges ahead.
Your challenges
Comprehensive personal data protection health-check of your organization, whilst involving and training the key stakeholders;
Identification of risks by data privacy experts;
Specific recommendations tailored to your organisation;
Detailed action plan adapted to your situation.
Timely assistance by a team of legal and IT experts in the field;
Continuous communication with you in the project, ensuring alignment with ongoing projects;
Standardized and proven risk assessment approach throughout the organisation.
Gap & risk identification report, including recommendations to address identified gaps;
Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits".
Is the understanding of the Law on personal data protection and GDPR sufficient to draft policies and procedures, covering all necessary areas?
Were you able to identify all personal data processing activities?
Do you have experienced resources available to implement your remediation plan?
How do you ensure a correct "roll-out" and "buy-in" of the implemented measures within the organisation?
How do you ensure proper change management in your organisation?
Application of best practices and adapting them fully to your organisation;
Drafting of relevant procedures and policies;
Assistance with change management.
Timely implementation by a team of experts in the legal and IT field;
On-the-go training and continuous involvement of your stakeholders;
Enjoying flexibility and a tailored approach, aligned with your organisation's business objectives.
Drafting relevant policies and procedures;
Inventory of personal data processing;
Control framework for IT security;
Developing monitoring tools.
Have you correctly identified all high-risk personal data processing activities requiring a DPIA?
Do you have a proper methodology to conduct DPIAs?
Did you consider all mandatory steps of a DPIA?
Are you sure you have correctly assessed the corresponding risks?
Have you consulted the appropriate persons when conducting the DPIA?
What does it include?
Identification of the relevant risks;
Assessment of the risks, security measures in place and evaluating the remaining risks.
Timely performance of tasks by a team of experts in the field;
Involvement of and consulting the DPO at each step of the DPIA process;
Involvement of the personal data processing owners;
"Outsider" view of the organisation and risk assessment approach.
Tailored DPIA methodology;
List of processing activities, where a DPIA is required;
Completed DPIAs, including risk assessments, evaluations and conclusions.
Attorney-at-law, Papazoski and Mishev Law Firm, Macedonia
Tel: +389 23140 940