Support Centre



Law: Law No. 06/L-082 on Personal Data Protection ('the Law')

Regulator: Information and Privacy Agency ('AIP')

Summary: Kosovo passed the Law in 2019. Although Kosovo is not an EU Member State, the Law is expressly aligned with the GDPR, and, similarly to the GDPR, sets out data subject rights, such as the right of access, right to rectification, and right to deletion. While the Law does not require organisations to register with the AIP prior to processing personal data, the AIP is mandated with issuing certifications to organisations processing data. The AIP has the power to impose fines for violations of the law of up to €40,000 or 2-4% of the annual turnover of the preceding year.