On December 25, 2024, a new Rulebook on data processing security was published in the Official Gazette of the Republic of North Macedonia no.266, which was adopted by the Agency for Personal Data Protection based on article 66 paragraph 6 of the Law on Personal Data Protection (Official Gazette of the Republic of North Macedonia No. 42/2020 and No. 294/2021).
This Rulebook shall enter into force on 01.07.2025, which means that from that date the Rulebook on data processing security which was published in the Official Gazette of the Republic of North Macedonia No. 122/20, shall cease to be valid.
Pursuant to Article 28 of the Law on the Protection of Personal Data, each data controller is required to adapt its operations to the provisions of the new Code within the foreseen period for reviewing and updating the technical and organizational measures applied to ensure the security of the processing of personal data.
The new rulebook provides guidance on the activities that controllers should undertake when planning, establishing, implementing, reviewing and updating technical and organizational measures to ensure the security of the processing of personal data.
The rulebook also defines the objectives of protection, minimization of personal data, confidentiality, integrity, availability, unlikability, transparency, intervention, risk, risk management process, personal data protection system, information system and incident.
Moreover, the new Rulebook emphasizes the provisions related to the establishment of an information system, its maintenance, the system for the protection of personal data, risk management, the establishment of a framework of threats with their more detailed explanation and identification, as well as a set of measures to protect and reduce risks.
Attached to this Rulebook are forms that will help controllers to harmonize internal documentation with the provisions of the new Rulebook.