In June 2021, North Macedonia joins the club to which most European states and many others across the globe belong; those lay a great worth on the safeguarding and processing of personal data in an orderly and responsible manner. This will inevitably bring some increased regulatory burden. However, the shift also has advantages: the high standards of personal data processing will make the North Macedonia-based companies more competitive and sought-after partners for attracting data-intensive business from the EU.
Importantly, data transfers from the EU to North Macedonia are subject to intense regulatory scrutiny, must be framed by comprehensive data protection/joint controllership agreements and accompanied by enhanced, modular standard contractual clauses whose new versions should be adopted by the European Commission any day now. The putting in place of such clauses combined with other complimentary measures (such as encryption and/or pseudonymization) will likely immensely intensify the data flows between the EU and North Macedonia creating a plethora of new business opportunities.
The new, high quality legal framework adopted by North Macedonia is not in itself sufficient to meet the standards of the GDPR-ruled EU counterparties and their supervisory bodies. A lot of real reorganization and repapering of a company's data processing activities must take place before it is pronounced a trustworthy partner in the personal data department. The data must be mapped, and the flows traced and analysed. The companies must make sure that they process no data "just in case they need it" and that their data is up-to-data and correct. To ensure against data breaches that are so common in an increasingly digitized world, robust information security must be put in place around the corporate IT infrastructure, and this must be clearly documented. Clear, concise, and easy-to-follow policies which reflect the respective company’s organizational structure and industry specifics must be created. Employees, clients, and partners' rights must be guaranteed and the staff must be trained to observe those, to treat personal data with due diligence and be vigilant about potential information security risks.
To help businesses prepare for this change and adjust, Data Owl in partnership with SeeNews, is holding on May 12 a webinar. The 75-minute webinar is a highly practical, business-like crash course on why it is inevitable to seek compliance with data protection laws in Europe, what it means to be compliant, how your business can benefit from it, and what the the downside is if you fail. Register here.