Annual Report - Вести од ДЗЛП Report 2015 - English... · 2015 ANNUAL REPORT ... Rules of the Government of the Republic of Macedonia ... to strengthen the supervisory

2015 ANNUAL REPORT of the DIRECTORATE FOR PERSONAL DATA PROTECTION

www.privacy.mk „Everyone has a right to privacy“

1

Annual Report 2015



2

Contents GLOSSARY OF MOST OFTEN USED TERMS ......................................................................................... 4

1. INTRODUCTION .......................................................................................................................................... 7

1.1 Legal framework, status and location ..................................................................................................... 7

1.2. Competences .............................................................................................................................................. 9

2. MANAGEMENT POLICIES AND STRATEGIC PLANNING .............................................................. 11

2.1 Operations Strategy .................................................................................................................................. 11

2.2 Analysis of operations .............................................................................................................................. 11

2.3 Human Rerources and Administration .................................................................................................. 12

3. FINANCIAL OPERATIONS ....................................................................................................................... 16

3.1. Implemenation of the budget in 2015 – ACCOUNT TYPE 637 ....................................................... 16

3.2. Implementaion of the budget for 2015 – ACCOUNT TYPE 631 ................................................... 19

3.3 Implementation of the budget – ACCOUNT TYPE 785 .................................................................... 23

4. Inspection ...................................................................................................................................................... 23

4.1 Preformed inspections .............................................................................................................................. 23

4.2. Administrative disputes and infringement procedures ..................................................................... 28

4.3. Ascertaining the conditions of inspections oversight in certain areas: ......................................... 29

5. COMPLAINTS .............................................................................................................................................. 36

5.1. Acting on received complaints............................................................................................................... 36

5.2 Issuing permits for data transfer ............................................................................................................ 40

5.3 Approvals for processing biometric data .............................................................................................. 42

5.4 Access regarding the request for free access to public information .............................................. 42

5.5 Opinions and suggestions ....................................................................................................................... 43

5.6. Expert opinions on materials, draft laws, by-laws, and other draft regulations under the Rules of the Government of the Republic of Macedonia......................................................................... 43



3

5.7. Opinions of the compliance of the documentation of the controllers with the provisions of the Law on Personal Data Protection .......................................................................................................... 45

5.8. Opinion regarding the implementation of regulations on protection of personal data (at the request of the controllers of different grounds) .......................................................................................... 46

6. CENTRAL REGISTER OF COLLECTIONS OF PERSONAL DATA ............................................... 46

6.1. Registered controllers and personal data collections ...................................................................... 46

6.2 Personal data protection officer ............................................................................................................. 50

7. TRAINING ..................................................................................................................................................... 52

8. COMMUNICATION AND PUBLIC RELATIONS .................................................................................. 58

8.1. Increasing public awareness ................................................................................................................. 58

8.2. Cooperation with media .......................................................................................................................... 58

8.3. „28 January“– Celebrating the European Day for Data Protection ............................................... 59

8.4. 10 year anniversiary – Directorate for personal data protection! .................................................. 63

8.5 Initiatives ...................................................................................................................................................... 64

8.6 Cooperation with civil society and NGOs ............................................................................................. 66

8.7 Signed Memorandums ............................................................................................................................. 70

9. INTERNATIONAL COOPERATION ........................................................................................................ 71

9.1. Activities related to the process of European integration ................................................................ 71

9.2. Following the European legislation on protection of personal data .............................................. 73

9.3. Participation in the EU bodies for the protection of personal data ................................................ 73

9.4. Use of EU funds........................................................................................................................................ 81

9.5 Bilateral and multilateral cooperation .................................................................................................... 83

10. PRIORITIES FOR 2016 ........................................................................................................................... 85



4

GLOSSARY OF MOST OFTEN USED TERMS Article 2 of the Law for protection of personal Data ("Official Gazette of the Republic of Macedonia" No.7/2005) and the amendments to the Act ("Official Gazette" No. 103/08, 124/10, 135/11 defines the meaning of the following terms: 1. “Personal data” shall be any information pertaining to an identified natural person or person that can be identifiable, the identifiable entity being an entity whose identity can be determined

directly or indirectly, especially as according to the personal identification number of the citizen or on the basis of one or more characteristics, specific for his/her physical, mental, economic, cultural or social identity; 2. “Personal data processing” shall be every operation or a sum of operations performed on personal data, automatically or otherwise, such as: collection, recording, organizing, storing, adjusting, or altering, withdrawing, consulting, using, revealing through transmitting, publishing or making them otherwise available, aligning, combining, blocking, deleting or destroying; 3. “Personal Data Collection” shall be a structured group of personal data available in accordance to specific criteria, regardless whether it is centralized, decentralized or dispersed on a functional or a geographical basis.

4. “Personal Data Subject” shall be any natural person to whom the processed data refer to; 5. “Controller of the Personal Data Collection” shall be any natural person or legal entity, a state administration authority or other authority, who independently or together with others

determines the purposes and the ways of personal data processing (hereinafter: the controller).

When the purposes and the ways of personal data processing are determined by law or any other

regulation, the same law, i.e. regulation determines the controller or the special criteria for his/her

selection; 6. “Personal Data Collection Processor” shall be a natural person or a legal entity or a legally authorized state administration authority processing the personal data on the behalf of the controller;



5

7. “Third Party”, shall be any natural person or legal entity, a state administration authority or other authority, which is not a personal data subject, a controller, a Personal Data Collection Processor or any person who, under a direct authorization by the controller or by the Personal Data collection processor is authorized to process the data; 8. “User” shall be any natural person or a legal entity, a state administration authority or other authority, to whom the data are disclosed. 9. “Consent of the personal data subject” shall be freely and explicitly given statement of will, of the personal data subject whereby (s)he agrees to the processing of his/her personal data for previously determined purposes; 10. “Special categories of personal data” shall be personal data revealing the racial or ethnic origin, the political views, religious, philosophical or other beliefs, membership in a trade union and data relating to the health condition of the people, including genetic data, biometric data or data referring to the sexual life; 11. “Third country” shall be a country not being a European Union member or not being a member of the European Economic Community. Other terms used in this Report 12. The most important international laws governing the right to privacy: the Universal Declaration of Human Rights, the European Convention on Human Rights and the International Covenant on Civil and Political Rights. 13. The right to privacy in the Constitution of the Republic of Macedonia: encompasses some basic rights: to every citizen is guaranteed the respect and protection of the privacy of

his/hers personal and family life, dignity and reputation, every citizen is guaranteed the

inviolability of the home, thus, right to inviolability of the home may be restricted only by a court

order when the detection or prevention of crime or the protection of human health; security and

confidentiality of personal data are guaranteed; freedom and secrecy of correspondence and

other forms of communication are guaranteed, there can be a restriction from this right only by

virtue of a court decision and the appropriate legal action.

2015 ANNUAL REPORT

of the DIRECTORATE FOR PERSONAL DATA PROTECTION


6

LIST OF ABBREVIATIONS

EDPS European Data Protection Supervisor

DPDP Directorate for Personal Data Protection

EC European Commission

ЕU European Union

MOI Ministry of Internal Affairs

MES Ministry of Education and Science MF Ministry of Finance

МЕ Ministry of Economy

МAFW Ministry for Agriculture, Forestry and Water economy МJ Ministry for Justice

HIFM Health Insurance Fund of Macedonia RM Repubic of Macedonia

BED Bureau for Education Development

NGO Non-Governmental Organization NERR National Electronic Regulations Registry

MISA Ministry for Information Society and Administration МLSP Ministry for Labor and Social Policy

2015 ANNUAL REPORT



7

1. INTRODUCTION

1.1 Legal framework, status and location

The Law on Personal Data Protection from 2005 ("Official Gazette of the Republic of Macedonia" no. 7/2005) provides for the establishment of the Directorate for Personal Data Protection, which will be responsible for supervising the legality of actions taken for processing of personal data and its protection on the territory of the Republic of Macedonia.

In the Republic of Macedonia the right to protection of personal data is regulated in Article 18 of the Constitutional Act of the Republic of Macedonia in 1991: "The safety and confidentiality of personal data are guaranteed. Citizens are guaranteed protection from

violation of their personal integrity resulting from the registration of information through their data processing", while the right to privacy is defined in Article 17, 25 and 26 from the Constitutional Act.

The Law on Protection of Personal Data ("Official Gazette of the Republic of Macedonia" no. 7/2005) and the amendments to the Act ("Official Gazette" No. 103/08, 124/10, 135/11) is completely in compliance with the Directive of the European Parliament and of the Council 95/46/EC.

The legal framework for the protection of personal data in the country complements

the Law on Ratification of the Convention of the Council of Europe br.108/81 for the

Protection of Individuals with regard to Automatic Processing of Personal Data ("Official

Gazette" No. 07/2005), ratified on 24.03.2006 and entered into force on 01.07.2006. The

Parliament of the RM in 2007 have ratified the Additional Protocol to the Convention

regarding supervisory authorities and transborder of data.

After the ratification of the Additional Protocol in 2008, the Law on Amendments to the Law on Protection of Personal Data ("Official Gazette" No. 103/09) is adopted in order to strengthen the supervisory role of the Directorate for Protection of Personal Data and harmonization of national legislation with the EU acquis.

In 2010 are the second made amendments to the Law on Protection of Personal Data ("Official Gazette" no. 124/10) that ensure compliance of legislation and rule of law, the transposition of the European Union acquis, the harmonization of the Law on protection

of personal data with the national legislation of the Republic of Macedonia and the establishment of a more efficient system of protection of personal data.

2015 ANNUAL REPORT



8

The right of protection of personal data and the right to privacy are different human rights. Due to great importance of privacy for the individual, in most countries in the world this right is regulated by the Constitutional Act of the country as the highest constitutive act of the state, as is the case with the Republic of Macedonia.

In our Constitutional Act, in the section titled to Civil and Political Rights and Liberties, several human rights are included that are components of the right to privacy, since privacy is broad, complex concept or sublimate of few individual rights. In this sense, it is important to mention the following rights:

Every citizen is guaranteed the respect and protection of the privacy of his/hers personal and family life, the dignity and reputation (Article 25).

Every citizen is guaranteed the inviolability of the home. The right of inviolability of

the home may be restricted only by a court decision when detection or prevention of crime is an issue or the protection of citizens health (Article 26).

The freedom and confidentiality of correspondence and all other forms of

communication is guaranteed. This right may be restricted only based on a court decision and in an appropriate legal proceedings (Article 17).

The rise of the right to privacy to the level of constitutionally guaranteed human right

indicates the great importance of this right of the individual, which carries certain rights/powers and duties/responsibilities as for the individual holder of the right and the other individuals, but and the state and its institutions as well.

Privacy is one of the fundamental human rights established and governed by the

most important international legal documents including the Universal Declaration of Human

Rights, the European Convention on Human Rights and the International Covenant on Civil

and Political Rights. According to the Universal Declaration of Human Rights, an act of

largest global international organization - UN: "No one shall be subjected to arbitrary

interference with his pri-vate and family life, home or correspondence, nor to attacks upon

his/hers honor and reputation. Everyone is entitled to legal protection against such

interference or attacks."

A similar definition gives the Council of Europe, as the most important international

organization in the field of promotion and protection of human rights and freedoms in Article

8 of the European Convention on Human Rights, according to which: "Everyone has the

right to respect for his private and family life, home and correspondence. Public authorities

should not interfere in the exercise of this right except such as is in accordance with the law

and is neces-sarily needed in a democratic society, which is in the interests of public safety,

2015 ANNUAL REPORT



9

the economic well-being of the country, for the prevention of public disorder or crime, for the

protection of health or morals, or for the protection of the rights and freedoms of others."

The Republic of Macedonia joined the Convention for the Protection of Human Rights and Fundamental Freedoms of the Council of Europe in 1995, ratified on 10 April 1997, which supplements the legal framework for the protection of human rights and fundamental freedoms.

1.2. Competences

The Directorate for Personal data protection is the creator of a policy for consistent implementation of regulations on protection of personal data at national level, in particular:

Preparing and adopting bylaws related to the implementation of regulations on

protection of personal data

Provides opinions of draft laws from different areas

Provides opinion on the laws of controllers in the field of personal data protection

Develops policies and provides guidance on protection of personal data on

national level

Provides opinion on draft codes of conduct relating to the protection of personal

data

Lawfulness and fairness of the processing of personal data

Supervise the lawfulness of the processing of personal data in accordance with

the provisions of the Law on protection on personal data

Issues prior approval to process personal data

Issues ban on further processing of personal data controller

Body responsible for keeping a register and records

Keeps a central register of collections of personal data controllers and processors

Keeps a record of the transfer of personal data to other states

Issues approval for transfer of personal data to other states

2015 ANNUAL REPORT



10

Promoter/guardian to the right of personal data protection

Decides on iniatives from citizens to preform inspection

Decides on submitted requests for establishing an infrigement

of the right to protection og personal data

Acts upon complaints from individuals regarding the illegality in

the processing of their personal data

Conitnuial education of controllers and processors and

provides technical assistance upon request

Lead infringement proceedings by the Commission for

misdemeanor in accordance with Law

Single national authority responsible for implementing the legislation on

protection of personal data

Decides upon requirements of supervisory authorities in the

field of protection of personal data to other states in the

performance of their activities through legal assistance of the

Republic of Macedonia

Establishes cooperation with other international bodies for the

protection of personal data, participate in the work of

international committies and institutions.

Preforms other duties prescribed by law

2015 ANNUAL REPORT



11

2. MANAGEMENT POLICIES AND STRATEGIC PLANNING

2.1 Operations Strategy Following the strategic goal and working priorities for 2015, annual documents were

adopted for the Directorate of Personal Data Protection and published on the web site of the

Directorate: Annual Work Program for 2015 and Annual program for inspection for 2015 and

monthly plans for preforming inspection during 2015. Thus, the Directorate is recognized as

an entity and subject in its work which manifests professionally organized and transparent

monitoring of performance by all involved parties and stakeholders in the implementation of

the strategic priorities and setting clear goals for work within an entire year.

In addition, all controllers are timely informed on the work plans of inspection, as

well as areas that are covered by the annual work program. The basic development policies

of the Directorate for Personal Data Protection were fully aimed toward implementation of

the strategic priorities for ensuring the legality and fairness of the processing of personal

data, as well as transparent and efficient system of exercising the right of personal data

protection of every citizen.

In this regard, special attention was paid to the realization of many forms of

cooperation, several initiatives to change the perception of privacy and the right to

protection of personal data.

2.2 Analysis of operations

Professional performance means setting a measuring mechanism to monitor and

assess the extent of organized activities during the reporting year. At the same time,

through the procedure of analysis of the performed activities after the lapse of a certain

period, the planning process is done properly, organized and on an quality manner, and

are subject of mechanism of continuous monitoring, measurement of efficiency and quality

management in accordance with ISO standards 9001: 2008. On this way, the Directorate for

Personal Data Protection is able to take into account the planned activities for the next

period, including the planned risks and challenges in the period 2015 – 2017.

http://dzlp.mk/en/node/2414


http://dzlp.mk/sites/default/files/u4/Godisna_programa_inspekcija_2015_0.pdf

2015 ANNUAL REPORT



12

The policy of quality management means setting procedures both professionally and

properly. The Directorate for personal data protection works according to requirements of

the international standard EN ISO 9001: 2008 the working procedures in all segments were

revised and improved, mechanisms for measuring efficiency, and documentation which has

to be produced. Thus, the Directorate for personal data protection accomplished a

significant step forwad towards building a reputation of a credible and independent entity

concerned with quality strategic management as well as for professionalizing of the services

which provides. In this regard, the Report on the efficiency and effectiveness of the system

of financial management and control and internal audit of the Directorate for personal data

protection was published.

In accordance with the Report of Attendace of Facebook and information on the

most visited published documents/information on the web site on the Directorate it was

determined that the planned activities of the Communication Strategy for 2015 are fully met,

taking into account the increase of 30% of attendance on the Facebook profile of DPDP,

and 30% increase in visits on the web site of the Directorate in the last three months of

2015.

2.3 Human Rerources and Administration

Within the Rulebook for systematization of jobs in the Directorate for Personal Data

Protection no.01-981/1 from 31.03.2015, 43 positions of administrative officers (state)

distributed by units in accordance with the Rulebook for internal organization of the

Directorate for Personal Data Protection no. 01-980/1 from 31.03.2015 of which 24

positions are filled.

As of 31.12.2015 the number of filled jobs in the Directorate for personal data

protection is as follows:

- 23 positions of administrative officers (state)

- 2 positions of auxiliary technical staff

- 1 person for part time

During 2015 one employee was hired (one) 1 executor to carry out duties in the

Department of European integration, programming, implementation, monitoring, and

evaluation and international cooperation, because of temporarily increased workload to a

certain period of time until 31.12.2015.

Hence, the Directorate has 26 employees until 31.12.2015.

http://dzlp.mk/mk/node/2847





2015 ANNUAL REPORT



13

Table No.1

Gender structure of employees

Table No.2

Age of employees

Speical attention was paid to implementation and and capacity management

workflows and adjustment of the internal organization according to the needs of the

established dynamics of operations. Professional development and training is conducted on

the basis of previously adopted Annual training program for civil servants of the Directorate.

In 2015, specialized trainings were organized financed from the project „Continued

support for the promotion of the protection of personal data” and on the following topics:

“Penetrations testing and vulnerability screening/Risk Management” (13.10.2015) and “Web

applications and mobile devices security” (27.10.2015) included 14 people in the training:

- Training for mentors – 14 people

- System for knowledge management – 14 people

- EU fundamentals, human resource management – 14 people

- Assitance to citizens who have certain type and degree of disability – 14 people

25-34

35-44

45-54

55-65

65% 35%

2015 ANNUAL REPORT



14

Additionally, a generic training was conducted entitled “Art of communication” for all

administrative officers financed by the Directorate for personal data protection.

In 2015, employees attented on 10 trainings (generic and specialized)

Table No.3

Table No.4

Year Number of trainings

2010 7

2011 17

2012 19

2013 27

2014 28

2015 10

0

5

10

15

20

25

30

Training for employees

2010

2011

2012

2013

2014

2015

2015 ANNUAL REPORT



16

3. FINANCIAL OPERATIONS

3.1. Implemenation of the budget in 2015 – ACCOUNT TYPE 637

Balance sheet account 2015 for account 637 accepted on 22.02.2016 with the

following indicators:

Table no.5

денари

Total budget for 2015 17.844.000,00

Realized income (transfers from the state budget) 17.143.170,00

Achieved total costs 17.143.170,00

Net surplus of income (profit before tax) 0

Tax from revenue excess – profit 0

Net surplus income – income transfer for the next year 0

Of the total approved budget of the Directorate for 2015 in the amount of 17,

844,000,00 denars, 96.07% were realized or 17.143.170,00 denars. Regarding the

structure of the entire approved budget allocations of funds during 2015, 14.074.000,00

denars or 78,87% of the assets relate to basic salaries and social security contributions,

where 3.770.000,00 or 21,13% from the assets relate to goods and services.

Structure of the improved budget for 2015

401 - Salaries

402 - Social secutiry

420 - Travel and daily expenditures

421 - utilities, heating, communication andtransport

423 - Materials and inventory

424 - Repairs and maintenace

425 - contracting services

426 - Other



17

Table no.6 – Review of the implementation of funds per items in 2015

Realization of financial means per items in 2015

401 - Salaries

402 - Social security

420 - Travel and daily expenditures

421 - utilities, heating, communicationand transport

423 - Мaterials and inventory

424 - Repairs and maintenace


426 - other

Item Budget 2015 Realization % of Realization

401 10.224.000 9.907.432 96,90

402 3.850.000 3.668.390 95,28

420 410.000 335.692 81,88

421 1.850.000 1.731.771 93,61

423 250.000 239.885 95,95

424 320.000 320.000 100

425 620.000 620.000 100

426 320.000 320.000 100

Total 17.844.000 17.143.170 96,07



18

Table no.7 Comparative overview of the implementation of funds per items in 2015

Item Realization 2014 Realization 2015 2015/2014 in %

401 9.097.844 9.907.432 108,90

402 3.364.970 3.668.390 109,02

420 290.000 335.692 115,76

421 1.616.478 1.731.771 107,13

423 150.000 239.885 159,92

424 190.000 320.000 168,42

425 590.000 620.000 105,08

426 425.000 320.000 75,29

464 15.000 0 /

485 0 0 /

Total 15.739.292 17.143.170 108,92

0

2.000.000

4.000.000

6.000.000

8.000.000

10.000.000

12.000.000

Comparative overview of the implementaion of funds per items in 2015 compared to 2014

2014

2015



19

3.2. Implementaion of the budget for 2015 – ACCOUNT TYPE 631

Balance sheet account 2015 for account 637 accepted on 22.02.2016 with the

following indicators:

Table No.8

денари

Total budget for 2015 5.300.000,00

Income trasfered from previous year 932.013,00

Achieved total income 1.141.418,00

Achieved total cost 1.482.153,00

Net revenue surplus (profit before tax) 591.278,00

Tax revenue surplus (profit) 0,00

Net revenue surplus (profit for transfer in next year) 591.278,00

The Directorate for personal data protection on the basis of training for the

protection of personal data to intersted controllers and processors of personal data, for

2015 generated revenue of 1.141.418,00 denars.

Of the total approved budget of the projected reveneues of the Directorate for 2015

in the amount of 5.300.000,00 denars, 27,97% were realized or 1.482.153,000 denars.

Regarding the structure of the approved budget, 96,23% or 5.100.000,00 denars from

assets are referreing on goods and services, where 3,77% or 200.000,00 denars from the

assets are referreing to capital expenditures.



20

Table no.9 Review of the implementation of funds at rates in 2015

Structure of the total approved budget for 2015

420 - Travel and daily expenses

421 - utilities, heating, communication andtransport

423 - Materials and inventory

424 - reparis and maintenance


426 - other

480 - buying equipment and machines

485 - investment and non financial assets

Item Budget 2015 Realization % of realization

420 1.650.000 667.886 40,48

421 1.050.000 0 0,00

423 500.000 80.259 16,05

424 300.000 271.477 90,49

425 800.000 333.894 41,74

426 800.000 48.449 6,06

480 100.000 80.188 80,19

485 100.000 0 0,00

Total 5.300.000 1.482.153 27,97



21

Table no.10 Comparative overview of implementation of funds in rates – 2015 compared to 2014.

Item Realization 2014 Realization 2015 2015/2014 in %

420 999.016 667.886 66,85

421 189.647 0 0,00

423 63.748 80.259 125,90

424 206.470 271.477 131,48

425 650.000 333.894 51,37

426 290.508 48.449 16,68

480 58.116 80.188 137,98

Total 2.457.505 1.482.153 60,31

0

200.000

400.000

600.000

800.000

1.000.000

1.200.000

Comparative review of realization of funds per items - 2014 compared to 2015

2014

2015



22

Balance sheet account 2015 for account 785 of the Directorate is accepted on

22.02.2016 with the following indicators:

Table No.11

денари

Earnings transfer from the previous year 17.180.941,00

Total income achieved 17.180.941,00

Total cost achieved 16.047.756,00

Net revenue surplus (profit before tax) 1.133.185,00

Tax revenue surplus (profit) 0,00

Net revenue surplus – profit for transfer in the next year 1.133.185,00

The Directorate for personal data protection, on the basis of donating contract with

the Norwegian Ministry of Foreign Affairs, during 2015 has realized a total income of

17.180.941,00 denars, as an inflow transferred from 2014 in respect of the contract MAK-

14-0014, for the implementation of the project „Continued support for the promotion of the

protection of personal data”. From the total revenues available on the basis of contracts for

donations for 2015, 93,40% were realized or 16.047.756,00 denars.

Regarding the structure of use of funds, 95,71% or 15.359.796,00 denars of the assets are

related with goods and services, and 4,29% or 687.960,00 denars are capital expenditures.

Structure of realized expenses in 2015

420 - Travel and daily

expenses

425 - Contract services

426 - Other ongoing expenses

480 - Purchasing of

equipment and machines

485 - Purchasing a furniture



23

3.3 Implementation of the budget – ACCOUNT TYPE 785 Table no.12 Overview of the implementation of funds at rates in 2015

4. Inspection

4.1 Preformed inspections

The main responsibility of the Directorate is supervising the legality of actions taken

in the processing of personal data and their protection in the Republic of Macedonia. The

main competence of the Directorate is supervising the legality of actions taken in the

processing of the personal data and their protection on the territory of the Republic of

Macedonia. The comptence of the Directorate arises from Article 37 of the Law on

Protection of Personal Data ("Official Gazette of the RM" No. 7/05, 103/08, 124/10 and

135/11) and implemented through inspectors for protection of personal data. In order to

implement the inspection given competence within the Directorate for Protection of

Personal Data there is a Sector for conduting inspection with two departments (Department

for inspection supervision in the public sector and the Department for inspection supervision

in the private sector). Inspections are planned on an annual basis, by sector based approach, with a

Program given at the end of the current year for the following year, and implemented

through monthly plans for inspection whereas the controllers are specified, the collections

that are inspected and the date of commencement of inspection supervision. The annual

programe for 2015 and the monthly plans for inspection (January – December 2015) is are

published on the web site of the Directorate www.dzlp.mk and www.privacy.mk

Item Realization

420 1.681.848,00

425 12.482.500,00

426 1.195.448,00

480 204.460,00

485 483.500,00

Total 16.047.756,00

http://dzlp.mk/sites/default/files/u4/Programa_za_rabota_DZLP_2015.pdf

http://dzlp.mk/sites/default/files/u4/Programa_za_rabota_DZLP_2015.pdf

http://www.dzlp.mk/

http://www.privacy.mk/



24

Performance of regular inspections is carried out in precisely determined deadlines defined by law and through a procedure during the inspection supervision. Inspectors in the course of performing regular inspections perform education of the controllers and processors for the right to protection of personal data.

On the website of the Directorate basic information concerning the inspection

supervision (regular, irregular and control) is published, also forms for Initiative

commencing inspections and Requests to establish a violation of the right to protection of

personal data, with the aim of facilitating to the citizens to take action if they believe their

privacy rights have been violated. The Basic Checklist and Guidelines for its filling is

published as well, the controllers themselves can determine whether consistently comply

with the provisions of the Law on protection of personal data. The statistical summary for 2015 and the comparative review of inspection in the

last five years indicate continuity of effective implementation of inspection.

TABLE NO.13

TABLE NO.14

0

100

200

300

400

500

2010 2011 2012 2013 2014 2015

Year Number of preformed inspections

2010 117

2011 146

2012 368

2013 387

2014 404

2015 394

http://dzlp.mk/en/inspection



25

During the reporting period of 2015 a total of 394 inspections were prefromed out of

which 301 are regular inspections, 84 iregullar inspections, and 9 control inspections.

TABLE NO.15 Review of inspection by type of inspection supervision

Type of supervision

Number

Regular 301

Iregullar 84

Control 9

Total 394



26

Based on the analysis of preformed inspections from the inspectors and authorized

subjects of the Directorate for personal data protection, in the period from 01 January until

31 December, the following indicators were generated:

1. From 01.01.2015 to 31.12.2015 a total of 394 inspections were started and

preformed. During the year, inspections were carried out by 9 inspectors and 3 authorized subjects for preforming inspection.

Year 2015

Regular inspection

Iregullar inspection

Control inspection

Total

Month Number of supervision

Number of supervision

Number of supervision

Number of superivision

January / 5 / 5

February 33 7 / 40

March 37 5 2 45

April 27 8 / 35

May 55 6 / 61

June 36 4 / 40

July 22 12 1 35

Аugust / 5 / 5

Septrember 23 6 2 31

October 22 7 2 31

November 24 11 / 35

December 22 7 2 31

Total: 301 84 9 394



27

2. Out of 394 inspections, 301 were regular inspections, 84 iregullar, and 9 control

inspections.

3. Out of 301 regular inspections, 240 were preformed in the public sector and 61 in the

private sector.

4. Out of 84 preformed irregular inspections, 24 were in the public sector and 60 in the

private sector

5. Out of 9 preformed control inspections during 2015, 4 were in the public sector and 5 in the private sector.

- For 2 (two) irregular inspections, control inspections were preformed and in that

matter records were created.

6. In 2015 two infringement procedures were initiated.

Regular inspections during 2015 were conducted in the following areas: state

agencies, education, banks and saving houses, textile industry, telecommunication, child

protection, broadcasting, transport and other areas, according to the Annual program for

performing inspection. Emergency inspection preformed by an application, request or

review of the inspector were conducted in the fields of sports, security, video survelliance,

trade, telecommunication and education.

The presence of inspections by areas is given below

TABLE NO.17 – Review of preformed inspections by areas

Areas Total Private Sector

Public Sector

Physical person

Аrchive material 4 3 1 0

Banking 3 3 0 0

Librabrianship 15 0 15 0

Video survelliance 12 2 0 10

Child protection 42 6 36 0

Hosting 6 3 0 3

State agencie 9 0 9 0

Economics 3 3 0 0

Еlectronic trade 0 0 0 0

Health 15 11 3 1

Informatics 2 0 1 0

Public service 0 0 0 0

Public institutions 3 1 2 0



28

Communication services 6 0 6 0

Media 9 7 1 1

Education 145 2 143 0

Insurance 16 16 0 0

Pension and disability insurance 4 2 2 0

Judiciary 4 0 3 1

Labor relations 2 1 1 0

Energetics 4 3 1 0

Traffic 6 5 1 0

Social protection 22 0 22 0

Sport 6 3 3 0

Telecommunication 9 8 1 0

Тrade and services 15 12 3 0

Тourism and services 31 30 1 0

Finacne 1 1 0 0

TOTAL 394 122 255 16

According to legal provisions, but given priority to commitments stated in the

strategic documents of the Directorate, the main determination is emphasizing the

preventive role of inspection supervision, using the opportunity to train and educate

controllers for their obligations required by the protection of the right to privacy. The

education for the controllers is performed under the Rules on the form and content of the

call for education, the conduct of education and method of keeping records conducted

education, adopted by the Director of the Directorate.

4.2. Administrative disputes and infringement procedures

In 2015, 2 (two) infirgement procedures were initiated.

- In the period from 01.01 until 31.12.2015, 5 administrative disputes were initiated

with ongoing court proceedings.

- Administrative disputes with confirmed decision in favor of the Directorate for

Personal data protection for which the judgement is final are 2 (two).

- For 3 (three) administrative disputes there is an ongoing appeal before the

administrative court and the higher administrative court.



29

4.3. Ascertaining the conditions of inspections oversight in certain areas:

From the preformed analysis of the results from the preformed inspections during

2015, the following conditions and most frequent inconsistiencies in the application of the

regulations of data protection have been identified:

I. Most frequent irregularities and violations committed by the controllers detected during regular inspections of the controllers in the country in 2015

A. In the area of tourism and hospitality the following irregularities were identified: Irregularities:

- The controllers have not submitted a notification on the processing of data

protection to the Directorate and the Central register of collections has not

registered collections of personal data; The controllers have not appointed an

officer for personal data protection; The controllers have not delivered an

authorization for the persons preforming the processing of personal data and do not

keep records of all persons authorized to preform the processing of personal data.

Violations:

- Controllers‟ employees have not signed Statements of confidentiality and protection

of personal data; controllers have not adopted procedures for the right of access

and correction of personal data on the subjects of personal data and they do not

have created a special form of the right to access and correction of personal data,

which will be an integral part of this procedure; they have not adopted and applied a

documentation for technical and organizational measures to ensure confidentiality

and protection of personal data; the controllers have not established a separate

records on personal data provided for use; the controllers retain the documents for

personal identification (passport) to guests during their stay in a hotel and keep their

identity card to domestic guests checking out checking out from the hotel; they do

not have fixed deadlines for storage of documents containing personal data and

they have not preformed a destruction of documents containing personal data after

the deadline for storage, with commission creating a records.



30

- Controllers keep work files of its employees in cabinets that are not locked or lack

adequate physical protection; controllers have not applied adequate technical

measures for access on computers on which personal data are being processed;

controllers do not preformed periodical audits for following the compliance of the

controller with the regulations of personal data protection and the adopted

documents on technical and organizational measures and the measures to be taken

when using media, periodic controls of the work of the administrator of information

system as well as the periodic inspection of the recording of authorized access;

- Controllers have not preformed internal control of the information system and

information infrastructure as well as the manual processing of personal data in order

to check whether the procedures and guidelines contained in the documentation of

technical and organizational measures shall be applied in accordance with the

regulations on protection of personal data.

- In terms of video survelliance, most frequent violations determined by the controllers

are: no analysis done on the purpose for which the video survelliance was set; the

already established video survelliance frequently includes the space which is not

related with the purpose of meeting the objectives for which the survelliance was

initially set; notice that video survelliance is being preformed is often not fully

complied with the regulations on personal data protection and does not contain the

necessary information about the name of the controller and the means of how you

can get informations on where and how long to keep the videos from the video

survelliance. Controllers have not adopted a law that would regulate the manner of

preforming video suvelliance; Controllers have not provided authorization for

processing personal data and have not personally signed Statements of

confidentiality and protection of processing of personal data through the video

survelliance system for the authorized persons that have access to the video

survelliance system; Controllers do not keep records of access and insight of

personal data processed through the system of preforming video survelliance;

Controllers have not signed contracts with processors (the legal entity which

maintaince the video survelliance system, the legal entity that calculates salaries of

the controller) which will contain contractual clauses on the rules for personal data

processing.



31

B. In the area of child protection the following violations were identified:

Iregullarities:

- Controllers have not submitted a notification for processing of personal data to the

Directorate before they start with processing of personal data; all persons

processing personal data have not received authorization from the controllers to

process personal data and does not keep records of the persons authorized to carry

out the processing of personal data.

Violations:

- Controllors have no legal basis to process personal data for parents and they are

excessive in relation to the purposes for which the data are being collected and

processed; personal data of children are kept upon fulfilling the objectives for which

data are collected for further processing; Controllers do not have a legal grounds to

process the personal identification number of the child; Controllers do not inform

data subjects about the identity of the controller, the purpose of the processing, the

recepients or categories of recepients of personal data, obligations of issuing

answers to questions, possible consequences of not providing answers and the

existence of a right to access and the right of correction of personal data;

Controllers not fully apply appropriate technical and organizational measures to

ensure confidentiality and protection of personal data; Controllers have not adopted

and do not apply documentation describing the technical and organizatina measures

to ensure confidentiality and protection of personal data; The mutual rights and

obligations of the controllers and processors have been settled with writting

contracts which not contain: obligations of processors to act only in accordance with

instructions from the controller, obligations for the processors to undertake technical

and organizational measures to ensure confidentiality and protection of personal

data and clause with which will be determined the way of checking the actions of the

processors when processing personal data; controllers have not preformed periodic

audits to monitor compliance of the regulations on protection of personal data and

documentation of technical and organizational measures as well as for measures

when using media, periodic controls over manual processing of personal data and

the work of the administrator of the information system; controllers have not

preformed control of the information system and information infrastructure in order

to check whether the procedures contained in the technical and organizational



32

meaures documentation are applicable and are in compliance with the regulations

on protection of personal data.

- Regarding video survelliance, most frequent viaolations are: preform video

survelliance outside the area which is sufficient for fulfilling the purpose for which

the video survelliance was initially placed (cameras placed in study halls and

dinning room); controllers have not preformed analysis of the goals for which the

video survelliance is initially placed; controllers do not have a notification for video

survelliance; controllers have not adopted an act which regulates the manner of

preforming video survelliance.

- Individuals who process personal data through the system for video survelliance

have not signed separate statement of confidentiality and protection of personal

data through the system of video survelliance and fail to apply technical measures

for access to video survelliance; controllers do not keep records of access and

insight of personal data through the system of video survelliance and do not keep

separate records on personal data provided on use, the user of personal data and

the reason for disclosing personal data to the user.

C. In the area of social security the following ireguallarities were identified: Iregullarities:

- Controllers have notified that Directorate for the collections of personal data and

they have not registered the collections in the central register of personal data

protections;

- Controllers have not appointed an officer for personal data protection and they don‟t

keep records of the individuals authorized to carry out the processing of personal

data.

Violations:

- Controllers do not inform subjects of personal data about the identity of the

controller, goals of processing, users or category of users of personal data,

obligations of giving answers to questions, possible consequences of not providing

an answer, and the existence of the right of access and the right to correction of

personal data; controllors do not keep separate records on personal data provided

for use, the user of personal data, and the reason for disclosing personal data to the

user, controllers have not adopted and applied the necessary documentation for

technical and organizational measures to ensure confidentiality and protection of

personal data; Controllers do not fully apply appropriate technical and organizational



33

measures to ensure confidentiality and protection of personal data; controllers do

not apply measures to lock in closets with documents which contain personal data

for which the term of storage has expired; controllers do not apply measures to lock

in closets with documents which contain documents for users of social protection

rights (beneficiaries of the financial assistance for social protection and beneficiaries

of the social care services; transfer of personal data (defined in article 8 and 9 of the

Law on Personal Data Protection) through electronic communication network is

preformed without being specially protected by adequate methods so that they are

not readable during the transfer. The mutual rights and obiigations of the Center for

Social Work (as controller) and processor (MSP) have not regulated by writing

agreement, which comprises an obligation on the processor to act only in

accordance with the instructions received from the controller; an obligation for the

processor to undertake technical and organizational measures to ensure

confidentiality and protection of personal data and a clause will be determined on

checking the actions of the processor when processing personal data; Controllers

do not prefom periodic audits to monitor compliance of the controller with the

regulations on protection of personal data and the adopted documents on technical

and organizational measures as well as the measures that have to be undertaken

when using media, periodic controls over the work ot the administrator of the

information system, periodic verification of the recording of authorized access and

periodic controls during manual processing of personal data; controllers have not

preformed control of the information system and information infrastructure in order

to check whether the procedures contained in the technical and organizational

meaures documentation are applicable and are in compliance with the regulations

on protection of personal data.

D. In the area of education the following irregularities were identified: Irregularities:

- Controllers have not notified the Directorate for the personal data collections and

they have not registered with the Central Register of personal data collections;

Controllers have not appointed an officer for personal data protection, they have not

adopted individual authorization for all employees who preform personal data

processing and do not keep records of all individuals authorized to preform the

processing of personal data.



34

Violations:

- Employees of the controller have not personally signed statement of confidentiality

and protection of personal data; controllers have not adopted or applied

documentation of technical and organizational measures to ensure confidentiality

and protection of personal data; Controllers have not regulated the mutual rights

and obligations between controllers and processors with contractual clauses on the

rules of processing personal data; Controllers have not legal grounds for collecting

and storing a copy of the identity card of parents for the purpose of the students

enrollement if for such treatment there is not prior consent from the parents;

conrtollers do not have legal basis and no prior consent from parents for the

collection and processing of personal data on whether the parent is employed,

where does the parent work, do both parents live togerther and are divorced,

number of family members, material and housing conditions of the family, and

information whether they are recepients of social aid; controllers do not have legal

grounds in the personal files of employees to carry out processing of personal data

by keeping labor booklets, copies of identity cards, birth and death certificates,

controllers have no legal basis to collect, process and keep a copy of birth

certificate for students; controllers do not apply measures to lock the closet in which

files of employees are stored and wages of classes; controllers do not destroy

documents that contain personal data for which the term for storage has expired;

controllers do not inform parents upon enrollement for the purpose of processing of

personal data, users of such personal information, obligation of providing answers

to questions, the consequences of not responding and the right of access and

correction of personal data; controllers do not inform the personal data subjects for

the right of access and correction of their personal data; controllers do not keep

separate records on personal data provided for usage, the user of personal data,

and the reason for disclosing the personal data to the user; controllers do not apply

appropriate technical and organizational measures to ensure confidentiality and

protection of personal data for the access to all personal comptuters and application

software to which the personal data is being processed; controllers do not make

back up copies in relation to data processed automatically in software for wages on

a way which will guarantee the reconstruction of personal data in the state they

were before they lost or destroyed; controllers do not preformed periodic audits to

monitor compliance of the controller with the regulations of protection of personal



35

data and the adopted documents on technical and organizational measures as well

as measures that have to be undertaken when using media, periodic controls of the

work of the administrator of the information system and periodic controls during

manual processing of personal data; controllers have not preformed control of the

information system and information infrastructure in order to check whether the

procedures contained in the technical and organizational meaures documentation

are applicable and are in compliance with the regulations on protection of personal

data; in terms of video survelliance, most frequent violations are the following: there

is no law that will regulate the manner of preforming video survelliance; they have

not set notification about the video survelliance which contains the necessary

information and notification are not displayed elsewhere that shall enable data

subjects to get inform about the performance of video survelliance; notice that video

survelliance is preformed does not contain the required information; they do not

provide images taken through the system for video survelliance to be held upon

fulfilling the the goals, but no longer than 30 days; they have not done an analysis

of the purposes for which the video survelliance is preformed, which will specifically

contain: elaboration of the purpose why video survelliance is needed, especially

within the official premises during class; video survelliance is preformed out of the

premises which are sufficient for fulfilling the goals for which the video survelliance

is initialy set (sports field, teachers office); do not use adequate technical measures

for the access to the system of preforming video survelliance; do not keep records

of access and insight to personal data processed through the system for conducting

video survelliance.

II. Video survelliance as an activity preformed by the controllers who were subject to inspection by the Directorate during 2015, the following irreguralities and mulfucntions were identified:

Irregularities:

Controllers have not registered the collection they manage with the performance of

the video survelliance, in the Central Register for collections of personal data on the

Directorate for personal data protection



36

Violations:

Controllers do not apply appropriate technical and organizational measures and measures

of physical security for the system of video survelliance; there has been no act that would

define the manner of preforming video survelliance; overall they have not harmonized the

Rulebook of preforming video survelliance; they have not preformed an analysis of the

goals for which the video survelliance is set; they do not have a notice containing

information on the controller preforming video survelliance and the way you can get

information on where and how long photos are being stored and they do not fully

harmonized the notice that video survelliance is been preformed; the content of the

approval for processing of personal data received by the person who processes personal

data through video survelliance system; the have not informed employees for preforming

video survelliance in business offices; all individuals who have access to the video

survelliance have not signed a Statement of confidentiality and protection of personal data

through video survelliance system and have not received authorization to process

personal data through video survelliance system; have not signed an aggrement with legal

entities who have installed the system for video survelliance (processor) which will contain

provisions of personal data protection; do not keep records for inspection and access to

personal data processed to the system for preforming video survelliance; preform video

survelliance outside the area which is sufficient to fulfill the purpose for which the video

survelliance was initially set; the access to the room for video survelliance (monitoring) is

not regulated and restricted only to authorized individuals.

5. COMPLAINTS

5.1. Acting on received complaints

According to Article 19, paragraph 2 on the Law on petitions and proposal (“Official

Gazette “, No. 82/08 and 13/13), the Directorate for Personal data Protection as an

independent state authority, within its competence under Article 41 of the Law on Personal

Data Protection (“Official Gazette”, No.7/05, 103/08, 124/10, 135/11, 43/14 and 153/15)

handles the complaints and suggestions submitted to the Directorate for Personal Data

Protection by Macedonian citizens. In the period from 01 January do 31 December, 2015,

the Directorate for Personal Data received a total of 393 complaints.



37

TABLE NO.18

Year 2009 2010 2011 2012 2013 2014 2015

No. of received complaints 95 192 363 385 404 371 393

However, from a total of 393 complaints, 317 were received from physical entities,

72 complaints from legal entities, and 4 complaints anonimously.

The development of program activities and initiatives, and in general the work of the

Directorate for personal data protection, is headed towards increasing the awareness of the

citizens for personal data protection. The results derived from the number of complaints

received from physical entities only proves the fact of successful implemented campaigns,

distribution of information materials and various promotion initiatives in the previous period

in 2015.

Simultaneosly, the table below indicates a decrease in the number of received

complaints received by legal entities, as an indicator of the state of the controllers and

processors of personal data collections. The positive application of regulation for data

protection of controllers is due to the fact of increased number of trainings and education

conducted by the Directorate.

0

100

200

300

400

500

2009 2010 2011 2012 2013 2014 2015

number of received complaintsper year



38

TABLE NO.19

Year 2012 2013 2014 2015

Number of submitted by legal entities 66 51 36 72

Number of submitted by physical entities 316 353 331 317

Also, (117) complaints were submitted in written form, and (276) complaints were

submitted electronically.

Of the total number of complaints, 65% are aimed toward the application of misuse

of personal data on social networks or a total of 254 complaints.

TABLE NO.20

In terms of the number of received complaints of abuse of personal data on social

networks, 111 requests were submitted for deleting fake profiles on Facebook, and 13

requests for a fake profile of a minor.

0

50

100

150

200

250

300

350

400

2012 2013 2014 2015

submitted by legal entities

submitted by physical entities

63

254

other areas

for social networks



39

In terms of the number of compalints by area, the table looks like this: TABLE NO.21

Area No. of received

complaints

1. Social networks – fake FB 111

2. Social networks – hacked FB 63

3. Social networks 65

4. State administration 86

5. Fake profile of a minor 13

6. Video survelliance 18

7. Employment 7

8. Education 4

9. Health 3

10. Journalist questions 6

11. Judiciary 2

12. Pension and disability insurance 2

13. Internet 2

14. Direct marketing 1

15. Parking 1

16. Retailers 1

17. Housing 1

18. Misuse of email 1

19. Banks and saving houses 1

20. Public transport of passengers 1

21. Postal services 1

22. Public services 1

23. Tourism and Hospitality 1

24. Isurance of individual and property 1

Total: 393



40

5.2 Issuing permits for data transfer

The Law on Personal Data Protection has special provisions for the transfer of

personal data to third countries. Transfer of personal data to European Union countries and

member states of the European Economic Area (EEA) is done only by notice to the

Directorate for the preformed transfer, without permission from the Directorate because it is

considered that national laws in these countries are fully in accordance with Directive

95/46/EC, and therefore the level of protection of personal data in these countries is

adequate.

Transfer of personal data to other countries outside the European Union are

permitted only if the Directorate for personal data protection issues a prior approval and if

provides an adequate safety measure for data protection and the protection of privacy and

the right of freedom of the data subjects.

During 2015 a total of 15 approvals were issued for confirmation for transfer of

personal data.

TABLE NO.22

Transfer of personal data in other countries

Sector Country Approved Rejected Stopped proceedings

Pending

Banking USA 8 / / 1

Production India and

Phillipines

1 / / /

Тelecommunication USA, New

Zealand,

Izrael and

Sinagapure

/ / / 1

Marketing USA / / / 1

Health Turkey / / 1 /



41

The transfer of personal data to countries of the European Union and European

Economic Area (EEA) is accounted by submitting an application for transfer to the

Directorate for personal data protection.

TABLE NO.23

Applications for transfer within EU member states

Sector Country Number of applications

Banking

Slovenia

Germany

Greece

3

Insurance Croatia

Austria

2

Telecommunication Аustria 1

Education Italy

Germany

2

Health Germany 1

Production Ireland

Great Britain

3

Trade Serbia / / 1 /

Religion USA / / / 1

TOTAL 15



42

Greece

Trade Austria 1

TOTAL 13

5.3 Approvals for processing biometric data

According to Article 29 of the Law on Personal Data Protection, processing of

biometric data necessary to confirm the identity of the data subject can be made only after

prior approval by the Directorate. During 2015 the Directorate for Personal Data Protection

received 4 requests for approval for processing of biometric data necessary to confirm the

identity of the data subject, with prior submitted request for approval from the controllers.

DPDP has received 2 approvals for processing of a personal identification number

of the personal data subject, with prior submitted request for approval from the controllers.

5.4 Access regarding the request for free access to public information During 2015, the Directorate has a received a total of two (2) requests for access to

public information. Within the legal timeframe, the Directorate, acted on all requests, by

which all requests were answered positively, the Directorate was an official holder of the

information. Besides requests for free access, the Directorate has also received a request for an

opinion regarding the application of the derogation from free access to public information,

confirmed in Article 6, paragraph 1, item 2 of the Law on free access to public information in

cases when information holders may reject a request for information in accordance with the

Law if the information relates to personal data which disclouse would mean violation of

personal data.



43

Table No.24

Number of received requests

Positively answered

Forwarded requests to the holders of public information

Rejected

2 2 / /

5.5 Opinions and suggestions

In the reporting year, in accordance with the obligation arising from the Rules of the

Government (Article 68, paragraph 1, item 9), the Directorate has act and fully answered in

a direction of providing expert opinions concerning materials, draft laws, by-laws and other

draft regulations which are in any way related to personal data protection.

Despite changes in Rule book of the work of the Government in 2011, ENER has

been in use, electronic register of regulations, an electronic tool designed to inform citizens,

NGOs, chambers of commerce, business associations and entitites, representatives of

government, separate ministries.

According to the Government and the methodology for assessing the impact of

regulations, ministries, suggestions for law adoption, drafts and proposals of law, except for

laws adopted by urgent procedure must be published on ENER and they have to accessible

for comments 10 days prior to publishing. Proposals for adoption of laws, drafts and

proposals of law, drafts and proposals of law and reports of paragraph 5 Article 71 shall

remain posted on the web site of the ministry, and within ENER one year after the adoption

of the law.1 During 2013, the Directorate was involved in providing opinions on the basis of

ENER.

5.6. Expert opinions on materials, draft laws, by-laws, and other draft regulations under the Rules of the Government of the Republic of Macedonia

A total of 26 expert opinions are issued on the basis of the following acts:

- Guidelines for the implementation of the Law on issuing vouchers

- Regulation to provide services in the postal traffic

- Draft amendments to the Law on Foreigners

1 “Official Gazzete of RM” No.36 from 17.03.2008, Article 71



44

- Draft amendements to the Inspection

- Guidelines for processing of personal data on deposits of social welfare and

permanent financial assistance MLSP and social work centers

- Protocol between the MIA of RM and MIA of R.Kosovo for cross border prosecution.

- Protocol between the MIA of RM and MIA of R. Albania for transboundary constant

pursuit

- Draft agreement between the Government of RM and the Government of R.Kosovo

for reciprocal recognition of driving licences

- Report on completed negotiations with the harmonized text of the Agreement

between the Government of RM and the Government of R. Slovenia for police

cooperation

- Agreement between the US Government and the Government of RM for

cooperation in order to facilitate the implementation of FATKA

- Regulation on the form, content and manner of keeping the registry of the staff in

aviation and police aviation

- Law on prevention on money laundering and terrorist financing in terms of storage

of personal data

- Law for amending the law of passports of citizens of the Republic of Macedonia

- Law for amending the law on prevention of corruption

- Law amending the law on vehicles,

- Regulations on the calculations canceling identification number to a stranger, the

form and content of the form, and the manner of keeping records of the identification

number of the foreigner.

- Rules for ensuring the safety of integrity of public electronic communications

networks and services and activities that operators should take the breach of

security of personal data

- Law amending the law on forests,

- Information of the safety of the project „Introducing the work of government

institutions in cloud technology (G Cloud)”

- Law for the national data base for individuals with disability,

- Proposed amendements of the Law on Police,

- Regulation on the form, content and manner of keeping registers of insurance

agents, insurance agencies, insurance brokers, insurance brokerage companies

and banks;



45

- Draft text of the Agreement between the Macedonian Government and the Spanish

Government on cooperation in the fight against crime,

- Text of the Agreement between the Government of the Republic of Macedonia and

the Government of Russian Federation to take persons residing illegially and

Protocol for implementing the Agreement between the Government of the Republic

of Macedonia and the Government of the Russian federation to take persons

residing illegially.

- Draft regulations for the preparation for a new legal solution for system of

institutional protection and provisions on the protection of personal data within the

existing law to prevent corruption.

TABLE NO.25 Number of issued expert opinions by years

5.7. Opinions of the compliance of the documentation of the controllers with the provisions of the Law on Personal Data Protection

In 2015 opinions were prepared on the compliance documentation for technical and

organizational measures to ensure confidentiality and protection of personal data of 163 controllers in several areas (centre for social work, health institutions, government

agencies, hotels, travel agencies, production companies for trade of oil and derivates,

notaries, education, childcare etc).

0

5

10

15

20

25

30

35

40

2011 2012 2013 2014 2015

number of issuedopinions per year

Year No. of issued

opinions

2010 33

2011 16

2012 25

2013 38

2014 28

2015 26



46

5.8. Opinion regarding the implementation of regulations on protection of personal data (at the request of the controllers of different grounds)

During 2015, the Directorate for Personal Data Protection has received 90 requests

for opinion relating to the application of regulations on protection of personal data of the

controllers and processors and they were all answered according to the schedule. Most of

the required opinions are in the field of education, insurance, utilities, law firms and health.

In terms of it obligations defined by law, the Directorate develops politics of

education and provides guidance regarding personal data protection. For this aim, the

Directorate issued 17 decrees when the Directorate is informed for some irregularaties in

the processing of personal data or aware of complaints from citizens, media or otherwise in

the course of their work, in order to establish good practices in the operations of the

controllors, which are in accordance with the regulations of personal data protection.

During 2015, on the basis of various questions, 17 decrees were issued in

accordance with the requirements of the controllers, individuals, as well as ex officio in

certain sectors.

6. CENTRAL REGISTER OF COLLECTIONS OF PERSONAL DATA

6.1. Registered controllers and personal data collections

Central register of personal data collections illustrates the number of registered

collections by controllers and processors in a formed data base in the Directorate whose

reporting comes as a legal obligation for controllers.

During 2015 a registration of controllers and its collections was conducted within the

Central Register of personal data collections (hereinafter: Central Register).

The Central Register had significant contribution to the transparent functioning of

the Directorate as an instrument of excercising the right to inform citizens about the

collection of personal information maintained by controllers, and the opportunity for

application or request for deletion of unfounded data. The central registry also provides a

solid basis for internal reviews and analysis of situation with collections of personal data in

certain areas and the possibility for further targeted action.

In the period between 01.01.2015 to 31.12.2015 a total of 264 controllers and 827 collections of personal data were registered in the Central Register.



47

Submitted requests During 2015 there were 78 requests and 56 notifications for:

78 submitted requests to reset the parameters for login to the system.

26 submitted notices of change of officers on protection on personal data.

4 reporting notices of the processing of personal data

19 submitted notifications of transformation and change in the controllers.

7 submitted notifications of the need to update the collection of personal data.

TABLE NO.26 Tabulated by municipalities

Municipality No. of controllers No. of collections

Aerodrom 16 50

Berovo 2 /

Bitola 7 24

Bosilovo 1 2

Butel 8 17

Valandovo 2 /

Veles 7 22

Vinica 5 11

Vasilovo / 2

Gazi baba 12 38

Gevgelija 2 1

Gostivar 4 6

Gradsko / 4

Delcevo 1 5

Demir Hisar 2 2

Gjorce Petrov 5 18

Ilinden 2 6



48

Kavadarci 6 27

Karpos 28 91

Kisela voda 12 21

Kocani 5 19

Кriva Palanka 5 8

Krusevo 1 3

Кumanovo 9 19

Маkedonska Kamenica 1 5

Negotino 2 7

Ohrid 8 27

Pehcevo 2 9

Petrovec / 3

Prilep 6 21

Probistip 6 9

Radovis 16

Resen 2 5

Saraj 2 2

Sveti Nikole 1 3

Struga 2 2

Strumica 8 18

Centar 59 251

Cair 6 16

Cesinovo – Obelesevo 1 4

Stip 8 29

Suto orizari / 4



49

TABLE NO. 27 – Overview of registered controllers and data collections by year

Since the establishment of the Central Registry (2008) until now – 2015, the number

of total approved controllers is 1801 and 4226 collections of personal data. This indicates

an extremely large increase in reporting of controllers and their collections of personal data

in the central registry, measures of prevention, training and education conducted within the

training in the Directorate during 2015, as well as immediate information on supervision,

were more efficient compared to previous years.

Registering controllers is done within the organizational forms.

TABLE NO.28 Report of registered auditors and collections of personal data by organizationa forms from 01-01-2015 to 31-12-2015

0

200

400

600

800

1000

1200

2008 2009 2010 2011 2012 2013 2014 2015

Controllers

Data collections

Type of legal entity No. of conotrollers

No. of collections

Stock company (JSC) 11 101

Stock company with one shareholder 1 0

State authority 3 15

Limited liability company 27 78

Limited liability of an entity (LLC) 50 113



50

6.2 Personal data protection officer

With the

amendments to the

Law on Personal

data protection in

2010, Article 26, for

the first an

instrument was

established

„Personal data

protection officer‟ –

a person

responsible for data

protection.

The

Directorate for

personal data

protection pays

special attention to

the continuous informing of the officers for personal data protection, as one of the strategic

priorities and objectives, taking into account the important role they have in institutions,

companies, bodies etc. Thus building a network of officers for the protection of personal data,

the Directorate, directly, indirectly, and on a long term, provides educated staff beyond their

own institutional operations, a kind of „branches‟ that have an obligation to pay attention to

the legal process and the right to protection of personal data. During 2015, a total of 274

officers for data protection were reported.

Religious community 1 0

Health institution 17 31

Citizens association 1 5

Public prosecution 0 1

Public service 1 1

Public enterprise 38 125

Cultural institution 4 6

Education – upbringing institution 48 154

State administration body 0 3

Education – scientific institution 14 36

Person excersizing public authority established by law

6 16

Other chambers and business associations

1 0

Subsidiaries and representative offices of foreign companies

2 5

Court 1 6

Sole proprietor 4 3

Institution that preforms public activity

33 127

Fund 1 1



51

The reporting year has continued with intensified pace determination of officers for

data protection by controllers, whereby the central register of controllers of collections of

personal data in 2013 reporter 704 officers. Total reported officers for the protection of

personal data in the Central Regiser since its establishment (2008) until 2015, is 1870. The enoromous increase in the number of reported officers for the protection of

personal data which were reported in 2013, only 64.4% of the total number of applicants,

due to the number of completed training and increased perception and promotion of the

right to protection of personal data. Eversince, it has been in continuos growth coupled with

the number of reported controllers and their collections of personal data.

TABLE NO. 29 Reported officers for the protection of personal data given by years.

This statistical summary illustrates the increasing awareness of the controllers in the

implementation of regulations on protection of personal data. For this prupose, the

interpretation of the increase of the number of registered officers of the protection of

personal data is aimed at recognition of this entity by controllers and processors, of

personal data as a tool; resource that has an important role in institutuional terms for

controllers and processors. According to the legal regulations (Article 26 of the Law on

Personal Data Protection) the officer for personal data protection directly participates in

decision – making related to the processing of personal data and the exercise of the right of

subjects of personal data monitors the compliance with the law and regulations for the

protection of personal data and documentation for technical and organizational measures to

ensure confidentiality and protection of personal data etc.

0

500

1000

2010 2011 2012 2013 2014 2015



52

Obviuosly, the need for further education of officers for the protection of personal

data is more than needed and necessary, and as an activity, the Directorate for Personal

Data Protection plans and implements continuously.

7. TRAINING

In order to further raise the quality of enforcement for the protection of personal

data by controllers and processors of personal data collections, and in order to increase

public awareness of the measures that have to be undertaken for proper care, technical

and organizational, the Directorate for personal data protection, within its competence,

carries out training for interested controllers and processors throughout the year.

Trainings are held in accordance with the Annual Programme for training of

controllers of personal data collections and processors established and adopted by the

Directorate. Interested controllers and processors are included in the planned training

through the procedure of registration. At the same time, a number of training courses are

conducted on the basis of signed Memorandums of Cooperation.

Directorate for Personal Data Protection conducts two types of training:

organizational part solely by the Directorate for Personal Data Protection and in cooperation

between the Directorate and "Semos Education" or EC Council - USA.

Within the Directorate, the training is conducted according to predetermined

modules and one General module - General knowledge of data protection (general

training), 16 specialized modules and 5 separate modules, depending on the area from

where controllers and processors of personal data collections come from.

According to the Report on conducted training for securing confidentiality and

protection of the processing of personal data for 2015, prepared by the Commission for

conducting training within the Directorate for Personal Data Protection of Personal Data,

where all activities are handled according to the Guidelines on the organization and

implementation of training for controllers and processors no.02-1414 / 1 from 11.11.2010,

and the Rules of Procedure of the Commission for conducting training sessions, a total of

44 trainings were conducted, 38 trainings to ensure confidentiality and protection of the

processing of personal data and 6 certified training for digital security of computer users -

CSCU (Certified Secure Computer User).

The training was attended by 633 participants, 557 students attended the training of

confidentiality and protection of personal data and 76 participants participated on the

http://www.dzlp.mk/en/search/node/%D0%93%D0%BE%D0%B4%D0%B8%D1%88%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0%202013

http://www.dzlp.mk/en/search/node/%D0%93%D0%BE%D0%B4%D0%B8%D1%88%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0%202013



53

training for Certified Digital Security Computer Users – CSCU (Certified Secure Computer

User).

From the participants on the training to ensure confidentiality and protection of the

processing of personal data, 346 partcipants were representatives of the controllers from

the private sector, 211 participants were controllers from the public sector.

From the users of certified trainings for digital security of computer users – CSCU

(Certified Secure Computer User), 36 participants are representatives of controllers of the

private sector, 40 participants were controllers from the private sector.

Participants on the trainings were representatives from 420 different controllers.

In 2015, three workshops (roundtables) were held entitled „Privacy and Free Access

to Public Information‟ in cooperation with the Academy of Judges and Public Prosecutors,

attended by judges, prosecutors, court administrators and officers for data protection in

courts and public prosecution offices. Also, on the request of the officers for personal data

protection, a specialized training was organized within the area of judiciary, where

specialized emphasize was placed on the work preformed by the officer for protection of

personal data, in accordance with the regulations on protection of personal data.

Furthermore, in 2015, the Directorate for Personal Data Protection signed a

Memorandum of cooperation no.16-1251/1 from 28.04.2015, with the center for training

staff KDS Angelina DOOEL, whereby 7 trainings were conducted to ensure the

confidentiality and protection of personal data processing, out of which 5 trainings were

specialized for representatives of the controllers from the field of child care (kindergarden)

and 2 trainings (generic and specialized module) designed for controllors in the field of

tourism and hospitality (hotels).

In 2015, 3 trainings were conducted for Certified Digital Security of Computer Users

– CSCU (Certified Secure Computer User) allocated by the National Bank of Macedonia,

attended by 40 partcipants. Also one of the certified training for digital security of computer

users – CSCU (Certified Secure Computer User) was conducted on 40 participants‟

representatives of Macedonian Telekom AD Skopje.

In 2015, 4 trainings were conducted in the area of education, attended by 31

participants, 3 trainings in the area of health, attended by 44 participants, 3 trainings

(workshops) in the field of finance, banking, investment funds and brokerages, attended by

75 participants. 1 training for controllers from the district administration (Ministry of



54

Defence) attended by 31 participants; 5 trainings for controllers in the area of economics,

attended by 73 participants; 4 trainings for controllers in the field of justice, attended by 96

participants, 2 trainings for controllers in the security field, attended by 21 participants; 3

training programs in the trade of field of tourism, attended by 19 participants; 1 training for

controllers in the field of trade, attended by 16 participants. Also in 2015, 1 training was

conducted for controllers that offer funeral services (stonecutters) (21 participants) 1

training for dormitories (8 participants) and 1 training for representatives of libraries (7

participants) and 1 specialized training in the area of direct marketing (8 participants).

In addition to this report, a tabular presentation of conducted trainings on number of

participants in areas (Appendix 1, number of participants in industry sectors (public/private)

(Appendix 2) and tabular display of trainings conducted by months (Appendix 3). In addition

to this report, a graphic display is outlined that indicates the number of completed training

from 2010 to 2015 (Appendix 4) as well as table showing the number of trainings conducted

by year and number of participants (Annex No.5)

Appendix No.1

Module Area Number of

trainings on

personal data

protection

Number of

participants

1 Education 4 31

2 Health 3 44

3 Media / /

4 Finance, banking, investment fund and brokerage

3 75

5 Labor relations, employment, job placement, health and safety at work

/ /

6 Telecommunication / /

7 Pension funds / /

8 Administration 1 31

9 Child protection 2 25

10 Economics 6 73



55

11 Judiciary 4 96

12 Insurance 2 21

13 Private security / /

14 Tourism and hospitality 3 19

15 Local selfgovernment / /

16 Trade 1 16

17 Accounting / /

18 Funeral services 1 21

19 Dormitory 1 8

20 Direct Marketing 1 8

21 Debt recovery 1 15

22 Library 1 7

Training for officers of personal data protection in various areas

4 67

Total 38 557

Appendix no.2

Participants from controllers of public sector 211

Participants from controllers of private sector 346

Total 557

Appendix no. 3

No. Month Year

Number of trainings for PDP

1 January 2015 3 2 February 2015 3 3 Mart 2015 5 4 April 2015 7 5 May 2015 4 6 June 2015 5 7 July 2015 1 8 August 2015 / 9 September 2015 3 10 October 2015 3



56

11 November 2015 2 12 December 2015 2 Total:

38

No. Month Year

Number of trainings CSCU

1 January 2015 / 2 February 2015 / 3 March 2015 1 4 April 2015 / 5 May 2015 1 6 June 2015 / 7 July 2015 / 8 Аugust 2015 / 9 September 2015 1 10 Оctober 2015 1 11 November 2015 1 12 December 2015 1 Total:

6

Appendix No. 4

Appendix No. 5

Year Number of organized trainings

Number of participants

2010 10 174 2011 37 758 2012 40 723

0

10

20

30

40

50

60

70

2010 2011 2012 2013 2014 2015

number oforganizedtrainings



57

2013 54 1653 2014 66 1055 2015 44 633

The development of modern technology on a daily basis questions the security of

internet communication and general data protection. The Directorate for Personal Data

Protection of the Republic of Macedonia considers that it is of a particular interest to

increase citizens‟ awareness on these issues and their implementation.

As a result of the signing of the Memorandum of Understanding between the

Directorate for Personal Data Protection (www.privacy.mk) and EC Council (International

Council of Electronic Commerce Consultants (www.eccouncil.org) the already established

need between the two entities to expand scope of cooperation by organizing training and

education of controllers and processors of personal data as well as for all computer users

who regularly get in contact with sensitive information, according to the Annual Program

Directorate.

The Directorate signed a memorandum of Cooperation with EC – Council of the

United States on 31.07.2013. Also, a memorandum with „Semos Education‟ was signed

which is the only authorized training center for EC-Council (International Council of

Electronic Commerce Consultants) in Macedonia.

CERTIFIED TRAINING FOR DIGITAL SECURITY OF COMPUTER USERS

http://www.privacy.mk/

http://www.eccouncil.org/



58

8. COMMUNICATION AND PUBLIC RELATIONS

8.1. Increasing public awareness

Raising public awareness and informing citizens about the right to protection of

personal data and the right to privacy is one of the top priority activities in the work of the

Directorate. In 2015, the Directorate was aimed at promoting the right of personal data

protection, both to citizens and before the controllers of personal data collection, with

special attention to increasing cooperation with youth organizations, capacity building of

young people, and local councils of youth by supporting youth participation in creaing a

system for the protection of personal data.

8.2. Cooperation with media

Within the building a communication with the public, the Directorate has regular

cooperation with the media on a periodic basis. Taking into account the specificity of certain

media and targer groups to which they are directed, the Directorate for Personal Data

Protection has continued its ongoing cooperation wit the daily newspaper “Nova

Makedonija” on whose web portal citizens can ask questions of which the Directorate

provides answers, and the answers are published in the print edition every Monday.

In the past year, 30 texts were published in “Nova Makedonija” and the greatest

interests was shown in the area of personal data protection of children on the internet,

using „smart‟ devices, protection of personal data in the health sector, protection of privacy

at work, video survelliance etc.

The cooperation with the Macedonian Radio Skopje began in November 2015. On a

weekly basis, in the form of visits to the morning program “Hronomer” every Tuesday one

topic related with personal data protection was developed. A total of 5 regular performances

were realized.

Besides the cooperation between these two media, the Directorate for Personal

Data Protection regularly responds to all current issues in the focus of public and media.

http://www.novamakedonija.com.mk/NewsDetal.asp?vest=2116851595&id=10&setIzdanie=23674



59

Media No. of Annexes

Print Media 47

Television 55

Radio 23

Internet portals 55

Total 180

Newsletter of the Directorate

The electronic paper of the Directorate is on of the tools for informing the public

about the activities of the Directorate, as well as innovations in the field of protection of

personal data. In 2015, 2 editions were issued of the electronic paper of the Directorate.

The contents of the electronic paper are defined in a way that touches more target

groups. The newspaper reports on the activities of the Directorate as a competent authority

for personal data protection, inspection of the controllers in certain areas, recent information

related to the privacy protection in the world, but corresponds to the most common

questions and concerns of the citizens related to the processing of their personal data.

8.3. „28 January“– Celebrating the European Day for Data Protection

On January 28th, 2015, the Directorate for Personal Data Protection for the ninth

time has celebrated the European Day for Data Protection. The main goal of the events

organized to celebrate this day in the European countries is to raise public awareness of

personal data protection and to inform citizens of their rights in this field which would allow

implementation in a more effective manner.

http://www.dzlp.mk/e-vesnik



60

For this occasion, a conference was held on the project „Privacy Class‟ and the

results for the analysis of the questionnaires intented for students of secondary schools of

the City of Skopje. The project was supported the Mayor of the city of Skopje, Mr. Koce

Trajanovski, OSCE Mission in Skopje and Methamorphosis – Foundation for Internet and

Society.

This year, the goals of the project „Privacy Class‟ were presented toward increasing

public awareness and education of the teachers and professors for personal data

protection, students throughout the territory of Skopje, as well as presenting the results of

the preformed opinion pools within the project, and asnwers to several questions were

initiated: how many students believe they should get knowledge on topics related to the

abuse of their photographs and materials with inappropriate content on social network; how

many students get provocative photos on social network, and how many of them send

such; how many have created fake profiles on social networks that are neither reported in

the Directorate? What is the percentage of parents who are informed and concerned, where

to look for an answer…? What parent says and what students?

At the same, recommendations were given for further actions to integrate the

curricula and content for detailed study of the right to privacy and protection of personal

data in a particular subject.

For that purpose, several lectures were held for teachers and high school students,

during entire 2015. With the support of OSCE Mission to Skopje, several workshops were

held on personal data protection, hate speech and discrimination, in order to raise

awareness among teachers of secondary school in Kicevo, Struga, Skopje, Gostivar,

Tetovo and Prilep.

The lecture of the topic “Personal Data Protection” – for practical application in the

education sector was highlighted as a need by the teaching staff in secondary schools in

several cities, thus around 120 teachers have gained knowledge in the field of national and

international legal framework for the right of protection of personal data and the right of

privacy. Significant number of questions were posed in terms of mechanisms for protection

of social networks as well as in the area of labor and employment and for signing

statements of confifentiality in schools.

High schools students were also involved in the project “Privacy Class” which was

originally intendent to be implemented in all Secondary schools of the city of Skopje, in

order to bring students closer to the issues in the field of personal data protection,

recommendation for safe use of social networks, non – profileration of hate speech, etc.


http://dzlp.mk/sites/default/files/u972/Istrazuvanje.pdf

http://dzlp.mk/sites/default/files/u972/Istrazuvanje.pdf

http://www.dzlp.mk/mk/node/2976




61

But this time, at the request of the secondary schools in other cities, the project

expanded and gave lectures in Tetovo, Kicevo, Gostivar, Struga and Prilep, with a scope of

150 high school students from all high schools. Activities within the project are entirely

aimed in the direction of education and the results should contribute to the eradication and

prevention of misuse of personal data online, social networks, and reduce the number of

registered hate crimes. Hight school students have gained certificates as future trainers and

activitst to fight against hate speech on the internet.

Guide to the protection of personal data of students in primary schools in

Macedonia.

The Directorate for personal data protection created a Guide for personal data

protection of students in primary schools in Republic of Macedonia as a part of the project

“Privacy Class”. This guide should contribute toward raising the awareness about the

protection of personal data of children and enable them to gain a greater understanding of

what are the challenges that they may face if they fail to protect personal data. The guide is

structured on a simple methodology adopted to the age of the readers. Additionally, the

guide can assist to other individuals and organizations dealing with education of children.

The guide is a result of the need to raise awareness for the protection of personal data. The

first lecture, on the initative of the elementary school was held on 05.10.2015 in the primary

school “Goce Delcev”, Skopje.

Guide to parents to protect the privacy and personal data of children online This Guide emerged as a need, taking into account the analysis preformed by the

Directorate for personal data protection in 2014, and the research was done within the

project „Privacy Class‟ in 2015. The focus of this guide is set towards the internet, social






62

networks, but other forms are also presented related with the communication and key

places concerning where misuse of personal data and privacy is might emerge.

Also, mechanisms for reporting are presented related with the abuse of personal

data on social networks. “Showing interest in the technologies used by your child, you can

learn along with him/her and know what he does when he is “on the internet” The

Directorate for personal data protection and Metamorphosis – Foundation for Internet and

Society, and secondary schools of the city of Skopje, as a part of “PRIVACY CLASS”.

Еducating students of the Faculty of Pedagogy in Stip, Tetovo, Skopje and Bitola

In order to raise public awareness of personal data protection and capacity of those

who work and deal with the education of young people in the next period, several lectures

were held at the Faculty of Philosophy – Institute of Pedagogy and from the Faculty of

Pedagogy “Sv. Kliment Ohridski” in Skopje, as well as Pedagocial faculties from Stip, Bitola

and Tetovo.

Of particular importance is the knowledge of the regulations on protection of

personal data of future teachers, those who work with children and education of children,

and those who realize practical work with children for the program for further learning and

teaching. This activity is supported by the OSCE Mission to Skopje, the civil assosication

“Sumnal”, “Otvorena porta – La Strada”, and “Sreken zivot”.

Recommendation for Privacy Class in the buses of Public Transportation Company Skopje

Within the good cooperation with the city of Skopje, as partners of the project, from

September 20, recommendation from Privacy Class were placed in buses of JSP Skopje.

The presentation of the main recommendation for the protection of personal data as well as

recommendations not to spread hate speech, to be cautious what is posted on social

networks, etc., within the buses of the Public Transportation Company Skopje – is a good

opportunity for wider perception and increasing awareness concerning these important

issues. At the same time, several target groups will be covered apart from the educational

process covered by the lectures of Personal Data Protection. For this purpose, posters

were placed, on Macedonian and Albanian, in buses of JSP Skopje.




63

8.4. 10 year anniversiary – Directorate for personal data protection!

On June 22, the Directorate for personal data protection celebrated 10 years of

existence. The Law on personal data protection was adopted in 2005, for the first time, this

matter was legally regulated. Within these 10 years, the Directorate is a creator of policy for

consistent implementation of regulations on protection of personal data at national level;

promoter/guardian of the right to protection of personal data; act on initiatives from citizens

and requests for violation of law; responds to complaints from individuals and legal entities

concerning the illegality when processing personal data; continuously educate controllers

and processors and gives experts assistance; preforming inspection and represents a body

that is continually consulted on amendments of legislative regulations in RM.

Within a same table sat representatives from Google and Facebook and entities for

Personal Data Protection in the region and beyond. With the support of the OSCE Mission

in Skopje, it was also disscuced about what are the challenges posed by new technology,

and how to preserve our privacy and personal data.

For this occasion, the Director of the Directorate for Personal Data Protection

addressed to the citizens of the Republic of Macedonia through nbapis in “Nova

Makedonija”. In the past 10 years, transparent work and educated and informed public were

and remain one of the priorities of the Directorate for Personal Data Protection.

On the occasion of the 10 year anniversary, the Directorate for Personal Data

Protectionin cooperation with Facebook released Handbook for parents on Instagram.

Besides the English version, the handbook was translated on six more languages and this

on Macedonian as well. Young people communicate and socialize through various

applications and video game talk, sending messages via telephone, and Instagram is

exactly one of the most popular applications for social networking of smart phones. As an

http://www.dzlp.mk/sites/default/files/pdf/Ti_odlucuvas.pdf



64

application, Instagram offers an advanced level of protection of the privacy of its users, but

it is also important for parents to be informed of the way their children use this platform and

be aware of the potential risks and dangers.

Research was also published on Institutional recognition of the Protection of

Personal data. The main objective of the implementation of this survey was to investigate

awareness of the existence of the Directorate for Personal Data Protection as an institution

and to detect how familiar they are with its work and responsibilities, where it was

determined that 63% of the respondents were aware of the existence of the Directorate for

personal data protection and 84% of them know that in case they have a problem regarding

personal data they may contact the Directorate.

8.5 Initiatives

DPDP became a member of the National committee against hate speech

On 22.01.2015 the Directorate for Personal Data Protection has become a member

of the National Committie against hate speech, which is actively involved in the campaign

against hate speech on the internet. The campaign against hate speech on the Internet is a

movement within the EU and beyond, against expressions of hate speech on the internet in

all its forms, including those that most affect young people, supported by the Council of

Europe. The campaign is a part of the project “Youth against hate speech on the Internet”

which stands for equality, dignity, human rights, and diversity. It is a project against hate

speech, racism and discrimation in all their forms of expression.

Taking into account the efforts of the Directorate for personal data protection for

outreach to young people on issues relating to the protection of personal data, the safe use

of social networks and non – proliferation of hate speech on the internet, supporting young

people in achieving their rights online and offline and thus prevent misuse of personal data



https://www.facebook.com/MKCampaignAgainstHateSpeech/?ref=hl

https://www.facebook.com/MKCampaignAgainstHateSpeech/?ref=hl

http://www.dzlp.mk/sites/default/files/field/image/Untitled.png



65

online, reducing the level of acceptance and dissemination of hate speech and the support

and solidarity to victims of hate speech, as an affirmation of the main objectives of the

campaign against hate speech on the internet.

DPDP has became a member of the Alliance for Open educational resources

Having in mind the activities which in continuity conduct for the youth population, the

Directorate for Personal Data Protection was invited to join the Alliances for Open

Educational Resources as an institution that advocates for education for all ages. Especially

in promoting the right to protection of personal data. In October 2013, the Alliance for Open

Educational Resources, initiated by the Metamorphosis Foundation, published the

Declaration for Open Educational Resources in Macedonia.

Currently we have over 370 individual supporters of the declaration, as well as 18

organizations among including higher education instituions, secondary schools and NGOs.

OER Declaration of Macedonia is based on the Declaration on Open Educational

Resources UNESCO adopted in Paris in 2012. Alliance for Open Educational Resources

group is open to individuals, organizations, institutions that function as an informal network

with a common goal – raising awareness and capacity of the academic and scientific

community for the creation and use of open educational resources in the country.

The Alliance for Open Educational Resources supports the development of Open

Educational Resources (OER) in Macedonia, based on the principles of the Paris

Declaration on Open Educational Resources 2012 adopted by UNESCO on the “World

Congress for Open Educational Resources” in 2012. The support means that whenever is

possible to respect and implement the recommendations adopted at the Congress in order

to provide outdoor education accessible to all.

DPDP has involved in creation of the National Youth Strategy of the Republic of Macedonia (2016-2025)



http://oer.mk/wp-content/uploads/2013/10/Deklaracija-za-OOR-Makedonija1.pdf

http://oer.mk/sign/index.php/pages/signed_institutions/

http://oer.mk/sign/index.php/pages/signed_institutions/

http://oer.mk/wp-content/uploads/2012/07/%D0%9F%D0%90%D0%A0%D0%98%D0%A1%D0%9A%D0%90-%D0%94%D0%95%D0%9A%D0%9B%D0%90%D0%A0%D0%90%D0%A6%D0%98%D0%88%D0%90-%D0%97%D0%90-%D0%9E%D0%9E%D0%A0-2012.pdf

http://oer.mk/wp-content/uploads/2012/07/%D0%9F%D0%90%D0%A0%D0%98%D0%A1%D0%9A%D0%90-%D0%94%D0%95%D0%9A%D0%9B%D0%90%D0%A0%D0%90%D0%A6%D0%98%D0%88%D0%90-%D0%97%D0%90-%D0%9E%D0%9E%D0%A0-2012.pdf

http://www.dzlp.mk/sites/default/files/field/image/13.png



66

The Directorate for Personal Data Protection gives special emphasis on the

education of young people and informing them about the right of personal data protection.

Of particular importance is the inclusion in the drafting process of the new strategy for

youth. It is an activity of the Agency for Youth and Sport in collaboration with the

Development programme of the United Nations, approached to the process of creating a

new National Youth Strategy of the Republic of Macedonia (2016-2025).

The process of creating new National Strategy for Youth will take place in the period

from February to November 2015. It involves the creation of a document that reflects the

real needs of young people and the basic framework for undertaking activities that promote

the position of youth in society.

Creation of the guidelines for the vision of the strategy was one of the thematic

focused workshops designed for the working groups where they had the opportunity to

define the key challenges faced by young people. Participation of Workshops of the “Youth

Information” and “Education” should lead to conclusions and proposed measures for better

information, using appropriate tools to communicate with young people, as well as greater

inclusion of youth in building the formal education system for youth information and

education by institutions.

8.6 Cooperation with civil society and NGOs

Cooperation with the NGOs and civil society is one of the priorities for work in the

Annual Work Programme for 2015 for the Directorate for personal data protection. This

year, special attention was paid to raising public awareness and educating young people

involved in non-governmental organizations to support their work and development

activities.

“Association for youth activism “Youth Vision” – Caravan of Privacy

Issues related with employment and personal data protection, labor relations,

publishing personal data on social networks, sharing photos etc., again were topics of

education in Bitola on May 07, in the organization of the Association for youth activism






http://www.dzlp.mk/sites/default/files/field/image/11198466_10204145321968984_1977164788_n.jpg



67

“Youth Vision” and several invited NGOs. For this goal, young people prepared a flyer for

greater transparency and attendance of young people for the event.

Cooperation with the Youth Education Forum Members of the program “Ucime Pravo” from several cities in Macedonia (Veles,

Bitola, Skopje, Kicevo, Gevgelija etc) as a part of the workshop – EU Weekend, which was

organized in Ohrid from 03-05 April, by the NGO “Youth Educational Forum” had the

opportunity to hear three guest lectures by a representative from the Directorate from

personal data protection.

The lectures were aimed at introducing the students to the legal framework of data

protection, and the rights of citizens to be informed about who process personal data, the

right to access and delete, and update data. Also they presented the initiatives

implemented by the Directorate for personal data protection for raising public awareness of

the right to protection of personal data. High school students have shown the biggest

interest to post personal information on social networks.

Also, at the invitation of the OIF representative from the Directorate for personal

data protection took part in the 7th consecutive summer school – Academy for Youth

organized by the OIF in the period from 18-20 August on Popova Sapka. Students have

shown particular interest for social networks, privacy policies, “The Right to be forgotten”

and series of events worldwide which highlighted the right to personal data protection.

„Days of education and career “

In the period from 07-09 May, the Directorate for Personal Data Protection was

present with its own promo console on the “Days of Education and Career” where visitors

can get acquainted with the Directorate as a body responsible for protection of personal

data as well to get informed on how to act in case there data are being misused and their

privacy right is violated. Promotional materials were also distributed, and especially for this

event, bookmarks were printed with the logo of the Directorate and its website, FB and

Twitter profile, through which citizens can contact the Directorate.

Survey was also preformed on the visitors, through specially developed

questionnaire for the knowledge of the responsibilities of the Directorate, from which is

expected to result with an analysis of the degree of distinctivenss of the Directorate. The








68

promotional counter is within the stand of the University “SS. Apostle Paul” – Ohrid, Hall 3

at Skopje Fair.

Humanitarian action of the 10th anniversary of the Directorate for pesonal data protection

In the spirit of celebrating 10 years of its existence, responsible and dedicated to

preform the function of guardian of personal data of citizens of the Republic of Macedonia,

in order to fulfil its commitment to humane and socially responsible actions, empoloyees of

the Directorate for personal data protection initiated humanitarian actions in cooperation

with the Red Cross of Macedonia. The action consisted of collecting clothes, shoes and

personal hygiene items. Also a box was set for collecting monetary donations. The

donations are intented for the stations of the homeless.

Responsibility and humanity, and above all humanity, are crucial foundations of a

healthy and functioning society and values that each socially responsible organization

should be practiced in its operations. According to the Memorandum of Cooperation, the

Directorate for personal data protection and the Red Cross of Macedonia on several

occasions have organized humanitarian relief efforts of varios target groups.

Local youth councils

On the conference for presenting results and challenges for the establishment of

local councils for youth has expressed interest in supporting the capacity building of the

same lectures for youth and delivering educational materials. For that purpose, in 12 local

youth councils in the municipalities of: Delcevo, Struga, Kicevo, Tetovo, Negotino, Skopje,

Debar, Ohrid, Bitola, representatives were present from the Directorate of Personal Data

Protection, lectures were held on their premises, for introducing the right for personal data

protection, the responsibilities of the Directorate, and initiatives and activities undertaken in






http://www.dzlp.mk/sites/default/files/field/image/humanitarna akcija.png



69

order to raise awareness among young people. Lectures developed in a fruitful debate from

which number of new ideas emerged for future mutual acitivites, organizing informative

events, as well as training for trainers at a local level that would further spread the

knowledge to the youth of the municipality.

After the lecture, materials and brochures were distributed in order to inform about

the the protection of personal data, as well as organizing several info-days in municipalities

with distribution of materials.

Visit of DPDP of NUUB Sv. Kliment Ohridski – Bitola The youth council of the municipality of Bitola again in cooperation with the

Directorate for Personal Data Protection donated books entitled “Privacy is just mine”. This

activity of the Youth Council of the Municipality of Bitola conducted in order to bring young

readers to their rights and opportunities for personal data protection.

Workshop of the right for personal data protection

On our initiative on 14.10.2015,and with the support from UNDP Office in Skopje, a

workshop was held for the right of personal data protection for the represenatives of youth

organizations and civil society. Participants shown great interest to present legislation in

Macedonia, the responsibilities of the DPDP, media and misuse of personal data etc.

Press release – Macedonia now on Goodle street view

https://www.facebook.com/%D0%94%D0%B8%D1%80%D0%B5%D0%BA%D1%86%D0%B8%D1%98%D0%B0-%D0%B7%D0%B0-%D0%B7%D0%B0%D1%88%D1%82%D0%B8%D1%82%D0%B0-%D0%BD%D0%B0-%D0%BB%D0%B8%D1%87%D0%BD%D0%B8%D1%82%D0%B5-%D0%BF%D0%BE%D0%B4%D0%B0%D1%82%D0%BE%D1%86%D0%B8-127385723997112/photos







70

The Directorate was actively involved in negotiations before the procedure for

starting Google street view in Macedonia. As of October 2015, you can virtually explore the

center of Skopje and Bitola to walk around or admire Ohrid – the city of pearls with launch

of the new Street View Gallery in Macedonia.

8.7 Signed Memorandums

During 2015, memorandums were signed between the Directorate for Personal Data

Protection with several NGOs working on educating the youth, as well as with technical and

legal faculties. Several lectures were held on an invitation of Faculties, which effectively

proved the need and increased interest in sharing knowledge in terms of data protection

and application of legislation in terms of information technology development.

1. Signed memorandum of cooperation with NGO “Youth Education Forum” 2. Signed memorandum of cooperation with NGO “Youth Can” 3. Signed memorandum of cooperation with the International Slavic University

„G.R. Derjavin“ in Bitola 4. Signed memorandum for cooperation with “FINKI”

https://www.google.mk/maps/@41.9940777,21.432682,3a,75y,315.12h,92.89t/data=!3m6!1e1!3m4!1sykhucgJaGNyjOlgQOkAU9g!2e0!7i13312!8i6656!6m1!1e1

https://www.google.mk/maps/@41.0310314,21.3344137,3a,75y,233.16h,93.72t/data=!3m6!1e1!3m4!1sGq9U9-fNvMzHhu-PlXkUTg!2e0!7i13312!8i6656





http://www.dzlp.mk/sites/default/files/field/image/Finki memo.png



71

9. INTERNATIONAL COOPERATION

International cooperation is a strategic decision of the Directorate for personal data

protection. Achieving international cooperation is mainly realized through participation in

working groups, international organizations and relevant institution in the field of interest.

9.1. Activities related to the process of European integration

Excerpt from the report by the European Commission for the Republic of Macedonia for 2015 concerning the protection of personal data

“The Law on personal data protection is aligned with EU legislation. Directorate for

personal data protection continues to strengthen its capabilities through ongoing training,

with 4 new jobs and slight increase in the budget. The Directorate has increased its

acitivities in 2014, implementation of 404 inspections in the public and private sector (387 in

2013) and finding 300 violations in total. The Directorate received 371 complaints in 2014

(404 in 2013) which mostly relate to the misuse of personal data on social networks. The

number of controllers of personal data and trained processors rose to 66 in 2014 (54 in

2013) and activities to raise public awareness. The Directorate is consulted on a draft

legislation, public policy and operations on data controllers more frequently than in previous

years. Additional efforts are needed to ensure full harmonization on sectoral laws with the

Law on personal data protection. The Directorate, which is an independent regulatory body,

has yet to take actions on the recent publication of mass illegial survelliance of individuals

through electronic communication. This raised questions about the ability to act with

complete independence”.

NPAA – National Programme for the Adoption of the Acquis

Within the continuous delivery of updating the situation regarding the

implementation and adoption of the Law on European Union, the Directorate has completed

the following objectives defined in Chapter 3:23 Judiciry and Fundametal Rights of the

National Programme for the Adoption of the Acquis (NPAA), planned for 2015 which refer to

personal data.

It means revision/overview of activities implemented within the framework of the

Action Plan for implementing of the strategic document – Communication strategy for



72

raising public awareness of the right to protection of personal data; implementation of

inspections;

Subcommittie on justice, freedom, and security

Concerning the 11th meeting of the subcommitties of justice, freedom and security,

held in Brussels in 2015, materials were prepared in the field of protection of personal data

protection whereby new development and updates of laws were discussed, regulations and

so on., which contain provision on the protection of personal data, which is of a particular

importance for the Directorate in its efforts to actively participate in policy making and giving

opinions on laws and regulations on a national level.

Internal ministerial body for human rights2

The Directorate for personal data protection is one of the 12 representatives in the

inter ministerial body for Human rights, which in 2015 held a session.3 With the conclusion,

it has been decided to form an Experts Working Group with representatives / employees at

expert level of all institutions, members of the Inter Ministerial group on human rights,

aimed at strengthening the work of the body, with aim to review current issues and

obligations of RM in the area of human rights.

2 Confirmation of the commitment of the state of human rights and the establishment of the Inter-Ministerial Group on Human Rights Resolution of the Government of the Republic of Macedonia in April 2012. This body chaired by the Minister for Foreign Affairs, and its members are state secretaries in the Ministry of Foreign Affairs, Ministry of Justice, Ministry of Labor and Social Policy, Ministry of Interior, Ministry of Education and Science, Ministry of Health, Secretariat European Affairs, the Secretariat for implementation of the Framework agreement and the Directors of the Commission for relations with religious communities and religious groups. State Statistical Office, the Directorate for Personal Data Protection and the Agency for the rights of minorities. External members of the body : the Deputy Ombudsman of the Republic of Macedonia, the President of the Agency for audio and audiovisual media services , the President of the Commission for Protection against Discrimination and the President of the Commission for Protection of the Right to Free Access to Public Information . The powers of the Inter-Ministerial Group on Human Rights relating to: strengthen coordination in the area of human rights of all ministries and authorities Government, information exchange and implementation of the recommendations contained in the reports of the committees and other bodies of the UN, Council of Europe, EU and other international organizations, giving proposals for improvement of legislation in the field of human rights and provision of other proposals to the Government of importance to the promotion of human rights in the country. 3 At the meeting of Inter-Ministerial Body for Human Rights discussed the review of the reporting obligations of the Republic of Macedonia in terms of international human rights instruments , the review of the current liabilities of the country in the field of human rights in the context of EU integration , the program for Government Cooperation with UNICEF proposed measures for providing accreditation status " A" of the Ombudsman by the International Coordinating Committee of National Institutions for the Protection and Promotion of Human Rights (in accordance with the Paris Principles ) , recording cases motivated by hatred by competent institutions , initiating procedures for signing and ratification of international agreements on human rights by the Republic and visit reports to the monitoring mechanisms of the UN and Council of Europe.



73

9.2. Following the European legislation on protection of personal data

During 2015 an expert discussion has continued at European level aimed at

improving the text of the draft of the new EU legislation on the protection of personal data.

Within the bodies and organs of EU and in the Council of Europe, it has been discussed

about the mechanisms and instruments which have to be implemented by the national

legislation and to be compatible with globalization, with digital development, and the need

to protect privacy.

After the enactment of the new regulations, which establishes a general EU

framework for the protection of personal data, which will replace Directive 95/46 EC of 18th

December 2015 COREPER has confirmed the agreed text to the European Parliament for

reform in the area of data protection. The reform package includes a Regulation on Data

Protection Directive and the data protection for police departments and criminal justice. It

will focus on strengthening the rights of individuals, strengthening the EU internal market,

providing greater focus on implementation, streamlining of international transfers of

personal data and set global standards for data protection. The regulation also promotes

the introduction techniques such as anonymisng, pseudonymization, and encryption. 4

Proposal for new text of regulations can be read on the following link:

http://ec.europa.eu/justice/datarotection/document/review2012/com_2012_11_en.pdf

9.3. Participation in the EU bodies for the protection of personal data

Advisory committee of the Council of Europe to protect the individual from the automatic processing of personal data T-PD The Council of Europe is a leading organization for human rights in Europe.

Curently, it has 47 member states, 28 of which are EU member states. All member states of

4 These pillars of privacy, will undergo changes with proposed changes to EU regulations will result in the need for change and domestic regulations. Although at present, the Law on Protection of Personal Data ( "Official Gazette " no. 7/05 , 103/08 , 124/10 , 135/11 , 43/14 and 153/15 ) is fully compliant with international legislation , employees of the Department daily follow the direction in which the proposed changes at European level, in order to prepare for rapid adaptation to change and acceptance of innovations, as well as to ensure the full functioning of the concept of privacy and following the latest standards in this area. In addition Directive 95/46 / EC and Convention 108, Directorate monitor all other directives, recommendations, opinions and resolutions adopted by international expert groups working in the field of protection of personal data and participate with their views and comments in the preparation of the new .

http://ec.europa.eu/justice/datarotection/document/review2012/com_2012_11_en.pdf



74

the Council has signed the European Convention on Human Rights, an international treaty

(tool) designet to protect human rights, democracy and the rule of law.

Convention on the protection of individuals with regard to Automatic Processing of

Personal Data (Convention 108) is open to accession by January 28 1981 and it‟s the first

legally binding international instrument in the field of personal data protection. According to

this Convention, countries are invited to take the necessary steps in the national law to

apply the principles of the Convention in order to ensure on their territory protection of

fundamental human rights in relation to the processing of personal data.

The European Court of Human Rights monitors the implementation of the

convention on human rights by member states. Physical individuals may file a complaint or

proceedings of violations in cases of violations of human rights court in Strasbourg, but only

after they use all legal remedies at home. What is new is that the European Union is

preparing to sign the European Convention on human rights, which will create a common

European legal space for over 820 million citizens in the segment.

Council of Europe, through the T-PD Consultative Committie continue disscusions

on amendments to the convention 108 of the council of Europe for the protection of the

individual in connection with the automatic processing of personal data including the

Additional Protocol to the Convention regarding supervisory authorities and transfer data to

third countries. The text is supported by representatives of the authorities to protect

personal data within the highest body of the Council of Europe, which is in a final phase.

For this purpose, an ad hock committee CAHDATA was formed.

The Directorate is a full member of the Consultative Committie to protect the

individual from automatic processing of personal data T-PD. The Directorate participated in

32nd session on the T-PD Commitie held from 01 to 03 July in Strasbourg. The topic of

discussion was the modernization of convention, the main innovation in the field of personal

data protection, as well as the signing and ratification of the accession to Convention 108.

Article 29 Working Party

The Directorate has an observer status in the Working Group 29. During 2015,

representatives of the Directorate participated on all four meetings of the working group 29

which provided to follow the news that will be covered by the new legislation on protection

of personal data of European Union, whose adoption is expected in the next period.

http://www.coe.int/fr/web/portal/home



http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/T-PD-BUR%282013%2901%20Draft%20terms%20of%20reference%20of%20the%20Ad%20hoc%20Committee%20DATA_En.pdf




75

Spring Conference – European Annual Conference on Data Protection (Spring Conference)

In the period 18-20 May 2015, the Director of the Directorate for Personal Data

Protection took part in the European Conference of bodies on protection of personal data,

held in Machester, organized by the Commisioner for Personal Data Protection in the UK.

Topic of this year‟s Spring Conference entitled “Navigating through the digital future – in

practice”. The main driver of panel disscusions of the conference is to reform the protection

of personal data in Europe which launched a discussion about the power and competence

of the authorities to protect the personal data, which puts into focus the right to protection of

personal data. The Director of the Directorate, has a speech in the panel discussion

dedicated to “Case Handling Workshop” hosted by DPDP in 2014, which refered to the

success of the 26th organized workshop of cases, an event which is a great opportunity for

the authorities to protect personal data exchange experiences and practical examples of

their work. The Director presented a handbook which the Directorate prepared as a product

of a previously organized international workshop in Skopje.

Participation on the 37th International Conference of the Commissioners for data protection

Between 04-08 May the Director of the Directorate for personal data protection, Mr.

Dimitar Georgievski took part in the 37th international conference of Commissioners on

personal data protection held in Amsterdam, Netherlands. Under the motto “Building

bridges of privacy”, more than 750 experts worldwide discussed the so called “Bridges of

privacy” while sharing meaningful experiences and practices in the field of protection of

personal data and the right to privacy, primarily referring to finding practical solutions to

increase the level of personal data over atlantic transfers.

These “bridges to privacy” are designed to strengthen the value based on privacy in

a way that would resolve the differences between the legislations of the EU and US. The

report “Tour du Monde” as a sublimination of the overall discussion of the Conference, in


https://www.privacyconference2015.org/news/

https://www.privacyconference2015.org/news/






76

order to show that problems and challenges related to privacy and protection of personal

data exist and they are same on every place on earth.

The presence of representatives from more than a hundred bodies on protection of

personal data and the right to privacy around the world were presented as an excellent

opportunity for informal sharing of experience and best practices, as well as acquiring

numerous contacts for future professional collaborations and expanding the sphere of

international cooperation of the Directorate for personal data protection.

Participation on the 5th Congress of the European Days of personal data protection, and participation on a conference on privacy protection in Berlin, Germany

In the period from 04 to 08 May, the Directorate for personal data protection took

part in 5th Congress of the European Days of Personal data protection and the conference

on privacy protection in Berln, Germany. A lot of European experts discussed topics such

as: cloud data, big data, and data collection while preforming direct marketing. Participation

of these type of events is essential in order to exchange experiences and knowledge in

various areas related with personal data protection to monitor modern trends in

technologies. More on:

International conference on the protection of personal data and privacy in the use of drones

In the period 05-06 February 2015 in Budapest, Hungary, the Director of the

Directorate for personal data protection Mr. Georgievski took part in the International

Conference on the protection of personal data and privacy in the use of drones. Organizer

of the conference is the Hungarian authority of personal data protection.

Participation on a regional conference “Privacy in the Digital Age”

On January 27, 2015, the Director of the Directorate for personal data protection,

Mr. Georgievski visited the Republic of Kosovo and took presence in the regional

conference entitled “Privacy in the Digitalized Age”, which is organized by the Agency of

personal data protection in Kosovo. At the conference, Mr. Georgievski was a part of the

presenters on a topic “New Challenges facing the Balkan authorities for protection of

personal in digitalized age”. Participants were addressed by representatives of the

authorities to protect data from Kosovo, Albania, Montenegro, Bulgaria, Norway, and

Japan, where challenges and experiences were shared. The representative of Japan


http://www.euroforum.de/edpd/

http://www.euroforum.de/datenschutz-kongress/

http://www.euroforum.de/datenschutz-kongress/





77

devoted his speech to “Privacy in Japan: law, culture, and reform.” This is an excellent

opportunity for participants to exchange their practices, discuss issues, share and discuss

possible solutions for further reforms and actions, especially the regional aspect. Agenda

Participation on the 8th International Conference on Computers, Privacy, and Protection of Personal Data (CPDP 2015) Brussels

In the period 21-23 January 2015, the Director of the Directorate for personal data

protection took part in the 8th International Conference on Computers, Privacy and

Protection of Personal Data Protection (CPDP 2015) in Brussels. The conference is an

event where partcipants share the most current and latest developments and experience in

the legal, regulatory, academic and technological development in the field of personal data

protection and privacy and gathers each year academics, lawyers, policy makers, computer

scientist, and representatives of civil associations, in order to exchange ideas by discussing

the most current issues and trends in this area. That makes the conference one of the most

frequent conferences in the field of data data protection and privacy in Europe and

worldwide. More than 415 participants from the academic area, the public and private

sector, were part of the 70 panel disscussions which were held during this year‟s three day

conference on highly topical themes: mobility (mobile technologies, transferable

technologies; border survelliance) big data, privacy and innovation, cyber security,

management of the internet and privacy, as well as reforms concerning the protection of

personal data in the EU and the United States aimed at regulating the monitoring of

governments. One of the panelist on the conference was Jan Albercht MEP and rapporterur

on data protection in the European Parliament together with other MEPs were part of the

panel discussion entitled “Reform for personal data protection: Have we found the right

balance between fundamental rights and economic interest?” He emphasized his optimistic

perception about the draft – DP EU Regulative, saying that it is possible to come to a

decision until 2015. Albercht said that Parlaiment‟s position is already a compromise

between the many stakeholders prepared to negotiate for more points, but now the parties

have to talk about the details and not to return to the principles. He stressed that subsidy for

IT companies in the EU are to introduce regulations and would be a handicap if Europe has

28 different models for data protection. The delay means loss of purchasing power for EU

and loss of rights.

Also, a representative from the body for personal data protection from Chile

announced that it is in the process on drafting a new law on personal data protection which

http://www.dzlp.mk/sites/default/files/u972/27%20January%202015%20Agenda%20eng%20.pdf





78

is aimed at new draft amendments to EU legislation. It means the establishment of a new

body with higher fines for violations related to personal data and privacy. At the moment,

the maximum amount is 3000 euros.

Participation on an International Conference “Gaining digital edge: freedom of expressions”

In the period 16-18 October in Belgrade, representative from the Directorate for

personal data protection, through the OSCE Mission in Serbia, the Foundation SHARE –

Serbia and Central European University for Public Policy, took part in the International

Conference “Gaining digital edge: freedom of expression”, attended by several NGOs,

institutions, and universities in the region and beyond. The conference was aimed at

networking with civil society working on projects to raise public awareness about the safe

use of the Internet: sharing of best practices for the education of young people on privacy

and protection of personal data. Topics that were discussed: Right to deletion of data; the

Delfi case before the European Court of Justice; Ethics of research and use of data: privacy

risk? New frontiers in publishing the video materials; etc.

Participation on the 17th meeting of the authorities for personal data protection of the countries from Eastern and Central Europe – CEEDPA

A representative from the Directorate for personal data protection took part in this

event. Collegaues from Albania hosted the 17th meeting of the authorities to protect the

personal data of the countries of Central and Eastern Europe, held in the period 29-30 April

2015 in Tirana, Albania. Topics which were related with the professional disscusions were

mainly related to data security and also individual experiences were presented of the

authorities to protect the personal data of countries from Central and Eastern Europe in

carrying out inspections in the processing of personal data, etc. One part of the meeting

was devoted to the independence of protection of personal data and the challeges they

face. At the same time, the authority for the protection of personal data of Kosovo became

a new member of CEEDPA.



79

Participation on the 1st meeting of the Working group on the protection of personal data within the PCC SEE

A representative from the Directorate for personal data protection took part in the 1st

meeting of the Working group on the protection of personal data within the PCC SEE, held

from 16-18 December 2015 in Ljubljana, Slovenia. The meeting agreed to prepare a

questionnaire to assess the situation on the protection of personal data in Each Member

State of the Convention; to form a subgroup within the Working Group on Data Protection,

to hold meetings for the preparation of the Implementation Agreement on protection of

personal data under Article 34 of the Convention.

Participation of IDC SEE FORUM 2015

In the period from 13-21 September 2015 in Opatija, Croatia, the Director for

personal data protection participated on the IDC SEE FORUM which held from 16-18

September and which presents an opportunity to get to know and consider future trends

and challenges, analysis of current strategies, and an opportunty to exchange experiences

and best practices in the field of IT.

Study visit to Oslo, Norway

In the period from 08 to 09 September 2015, representatives from the Directorate

for personal data protection of the Republic of Macedonia led by the deputy director of the

Directorate and representatives of the authorities to protect personal data from the Western

Balkans (Serbia, Montenegro, Bosni and Hercegovina, Albania and Kosovo) realized a

study visit to Norwegian authorities for the protection of personal data, Datatilsynet. The

study visit is realized within the project “Continued support to the promotion of the

protection of personal data”. The purpose of this study visit is to get to know with the work

and exchange experiences of the Norwegian authorities for the protection of personal data

(Datatilsynet), as well as visiting NorSys center, presenting the experiences and best

practices to address the challenges for the protection of privacy on the Internet on the

Western Balkans.





80

Participation in the International conference “Free Access to Information – regional experience and international standard”

The deputy director of the Directorate for personal data protection in the period from

19-20 November 2015 in Podgorica, Montenegro, took part in this conference where new

approaches were discussed about the judgement of the European Court of Human Rights

in this field.

Participation on an International conference “Trust, privacy and security while protecting personal data in the digital world”

The Director of the Directorate in the period between 16-20 November in Sofia,

Bulgaria, took part in the International Conference on “Trust, privacy, and security while

protection personal data in the digital world” focusing on themes which cover legal issues

and strategic visions for the acquisition of privacy in the digital world. In the presence and

active participation of experts from the IT sector, attention was also paid on the new

aspects of regulations of this matter.

Participation on an international conference “Competence to combat hate speech on the internet”

In the period from 14-20 December in Tbilisi, Georgia, organized by the “Al-ternativi

International” Bulgaria through the Erasmus + Programme, a representative from the

Directorate for Personal data protection took part in the international conference

“Competence to combat hate speech on the Internet” which was attended by several

NGOs, institutions, and universities from 9 countries. The purpose of this trip was

networking with civil society working on projects to raise public awareness about the safe

use of the Internet; sharing of best practices for the education of young people on privacy

and protection of personal data.

Google in Macedonia for growth opportunities and challenges of innovation guided by open data

On June 21, 2015, in Skopje, Google in cooperation with the Directorate for

personal data protection of Macedonia organized an event of closed character that

gathered all stakeholders, representatives from various sectors, telecommunication,

banking, banking, education, IT companies and so on. The event entitled “Innovation driven



81

by data – Growth opportunities and challenges” was completely dedicated on consequential

and socio - economic value that derives from the use of data analysis by private and public

organizations to make better decisions and create new products and services. During the

event, participants discussed the results from document policies toward “Innovation driven

by data – growth opportunities and challenges in South East Europe” prepared by seven

institutes in the region that participated in the research and preparation of the paper. The

policy document highlighted the advantages of acceptance of innovations driven by data

and the need to develop balanced policies in support of open data, and crop utilization of

open data.

The Directorate for personal data protection became a part of the EuroCloud initiative

The Directorate for personal data protection has become a part of the initiative Euro

Cloud as a partner who will be involved in all activities, relating to the protection of personal

data when using “Cloud” services.

Eurocloud is an independent non profit organization that represents pan European

center for knowledge sharing between customers that offer or use Cloud computing service

providers and research centers. EuroCloud maintans an open dialogue with all partners in

order to link business and IT. The Directorate became a part of this initiative, taking into

account future acitivities and plans, and to provide adequate protection to the processing of

personal data which are processed through „Cloud‟ services.

9.4. Use of EU funds

The implementation of the project “Support to access the right to protection of

personal data” has started on November 23, 2015, finance by the IPA TAIB 2012

programme. The duration of the project is 24 months and will be implemented by the group

Vialto Consulting Ltd. (Vialto), Hungary in consortium with IPS Institute for Project

Consultancy (IPS) from Slovenia and National Authority for Data Protection and Freedom of

Information (NADPFI), Hungary. The main objective of the project is ti improve data

protection in the country in line wih EU legislation. Also, this project will provide further

improvement (legal and institutional) framework for personal data protection in the Republic

of Macedonia, in accordance with best EU practices, in order to ensure that citizens are

guaranteed protection of their personal data through:



82

Further harmonization of national legislation with new reforms for the

protection of personal data in the EU and positive experiences

Strenghtening the mechanisms for protection of personal data in various

areas

Develop and implement a new strategy for the protection of personal data

Implementation of ISO standards and standards for privacy

The project will be implemented through the following three components:

Component 1: Implementation of the Strategy for Protection of Personal data from

2012 to 2016 and the development of a new strategy 2017 – 2022,

Component 2: Capacity building for further implementation of the Law on Protection

on Personal data and improving cooperation with controllers, and

Component 3: Implementation of IT standards and privacy standards

Norwegian grant for institutional strengthening of the Directorate for Personal Data Protection

The upgrading of the institutional and organizational capabilities of the Directorate

continued during 2015 through the project “Continued support for the promotion of the

protection of personal data protection” funded by the Ministry of Foreign Affairs of Norway.

The project introduced and implemented new mechanism and tools in the current legal

environment, paying particular attention to Delete ME and Data Processing in Cloud

Computing. The second component of the project is focused on deepening cooperation

among law on personal data protection in the Western Balkans.

During 2015, individual visits were realized by the Director and the Deputy Director

of the Directorate, within all authorities of personal data protection in the Western Balkan

countries and the cooperation was established within the project. Also, their representatives

participated in the conference organized to mark the the tenth anniversary of the existence

of the Directorate for Personal Data Protection, which had a special panel dedicated to

regional cooperation. Within this event, also the promotion of the project took place. At the

end of the year, new web page www.deleteme.mk which was created to enable citizens

http://www.deleteme.mk/



83

efficient, effective and transparent way to deal with an invasion of privacy when using social

networks. This web site will be put into use in the beginning of 2016. Through the project

trainings were conducted for the employees of the Directorate in order to improve their

knowledge concerning risks of privacy in the use of technology in every day work and life.

Multi – user TAIEX workshop on the protection of personal data of foreigners

In the period 24-25 February in Skopje, with the support of the European

Commission, DG Enlargement Institutional building, TAIEX - Justice and home Affairs, and

organized by the Directorate for Personal Data Protection and the Ministry of Internal Affairs

held multi-user TAIEX workshop on the protection of personal data of foreigners (with a

focus on „asylum seekers, migrants). This workshop was developed as a common regional

need expressed by a number relevant domestic institutions and in the period when the

Republic of Macedonia, the Ministry of Internal Affairs, is under the MARRI presidency, also

supported by MARRI Regional Center. The main objetives is to recognize lectures and best

practices from Member States of the EU on this part of the legislation for asylum and

migration, with special attention on the aspect of data protection. Since there are no such

initiatives, training, even low number of seminars conducted on the subject, it will important

to gather representatives from the ministries of interior in the region of the Western Balkans

and Turkey working in the field of asylum, refugees, and migration issues, and

representatives from the authorities to protect personal data in the region and to upgrade its

facilities, including data protection as an aspect of the subject.

9.5 Bilateral and multilateral cooperation

Recognition for successful operation of the CNIL – body for protection of personal data in France

On the occasion of the 10 year anniversary, on June 22, by a representative of CNIL

– the authority to protect personal data of France, the Directorate for personal data

http://www.dzlp.mk/sites/default/files/field/image/11046351_912175582184785_7358999539759914155_n.jpg



84

protection was awarded a plaque for successful operation and active participation in

international discussion for the challenges of personal data protection. The recognition has

even greated significance given that the chief Commissioner of the CNIL, Isabelle Falk-

Pjerotin, which is also the Chairman of the Article 29 Working Group, which includes

representatives of all authorities of personal data protection in the EU. Although the

Directorate for personal data protection has a status of an „observer‟ still actively

participates in the plenary session.

Working visit of the authority for Personal data Protection in Serbia

On October 02, 2015, the Director of the Directorate for personal data protection

made an official visit to the Authority for Personal data protection in Serbia to share the

experiences of implementation of the regulations on protection of personal data.

Furthermore, within the visit, a Memorandum of Cooperation was signed between the two

bodies.

Official visit of the authority for the protection of personal data of Kosovo

The Director of the Directorate for personal data protection, from 05-08 March,

Pristina, held an official visit to the institution for the protection of personal data from

Kosovo, based on a signed memorandum of cooperation between the two institutions to

exchange experiences and mutual stimulation of bilateral and multilateral projects, IPA

experiences, and Erasmus plus.



Documents

Annual Report - Вести од ДЗЛП Report 2015 - English... · 2015 ANNUAL REPORT ... Rules of the Government of the Republic of Macedonia ... to strengthen the supervisory