Law: Law on Personal Data Protection 2020 (only available in Macedonian here) ('the Law')
Regulator: Personal Data Protection Agency ('DZLP')
Summary: The Parliament of North Macedonia adopted the Law in early 2020. The Law is almost entirely aligned with the GDPR, even though North Macedonia is not an EU Member State. Derogations from the GDPR include a lower threshold for the exemption from keeping records of processing activities, special requirements for data protection officers, including the requirement of fluency in Macedonian, and the stipulation that processing for direct marketing purposes can only be conducted based on the data subject's consent. Furthermore, the Law has transformed the Directorate for Personal Data Protection into the DZLP, which has been given enhanced powers to, among other things, authorise standard contractual clauses ('SCCs') and Binding Corporate Rules ('BCRs'). In addition, North Macedonia is a signatory to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data 108/81 ('Convention 108').