In the period from 4th to 8th October 2021, AZOP experts have conducted three expert missions within EU funded Twinning project “Support to the Implementation of the Modernised Data Protection Legal Framework”. The first expert mission within Component 3, dedicated to raising awareness of data controllers and processors on personal data protection, was focused on the needs of the SMEs in relation to compliance with the Law on Personal Data Protection. According to the results of the survey conducted with SMEs in North Macedonia, they find compliance as a huge administrative and expensive burden. In addition, they don’t feel well informed abut their new obligations and don’t feel capable to understand and to comply with the obligations arising from the new Law on personal data protection.
This problem was also recognized on the EU level, that’s why the European Commission is encouraging data protection authorities to engage with SMEs through EU-funded projects. In order to facilitate SMEs compliance with the GDPR, AZOP is implementing EU-co-funded project Awareness Raising Campaign for SMEs. Iva Katić, one of our best experts in the ARC project, shared her experiences with colleagues from PDPA that she gained through very intensive engagement with SMEs. In addition, she held meetings with The Business Confederation of Macedonia (BCM), The Organization of Employers of Macedonia (OEM), Economic Chamber of North Macedonia, Macedonian Work Protection Association, the Economic Chamber of North-West Macedonia, in order to better understand the needs and specific issues of SMEs i in relation to data protection compliance. Together with colleagues from PDPA https://dzlp.mk/, Iva developed tailored-made training materials for the SMEs and frequently asked questions for data controllers. Our colleagues from the PDPA will use this material to conduct online trainings that will meet the needs of micro, small and medium enterprises in North Macedonia.
The second expert mission was focused on data protection officers (DPOs). Maja Peran has conducted meetings with DPOs from the public and private sectors to get deeper insights into the main problems they are facing and find out what kind of training materials would be useful for them in order to reach a higher level of personal data protection compliance. During these meetings, one of the conclusions is that it would be useful to create Guidelines for DPOs that would contain definitions and practical examples that represent best practices in the implementation of legislation related to personal data protection within organizations. It was also agreed to develop a presentation that DPOs could hold to train employees in their organizations, with the goal to raise awareness on personal data protection in order to prevent misuse of personal data and data breaches.
Antonio Katavić conducted the expert mission within the Component 1, “Legal and institutional framework for implementation of the novelties of the new Law for Personal Data Protection strengthened”. Antonio held meetings with the representatives of the Ministry of Justice and members of the PDPA Misdemeanour commission in order to be able to develop standard operating procedure with criteria for determining fines according to the Law on Personal Data Protection that meet the needs of the PDPA.
