1 14 th ceedpa meeting kyiv, 20 – 22 may 2012 directorate for personal data protection republic of...

1

14th CEEDPA meetingKyiv, 20 – 22 May 2012

Directorate for Personal Data Directorate for Personal Data ProtectionProtection

Republic of MacedoniaRepublic of Macedonia

- DPDP -- DPDP -

Дирекција за заштита на Дирекција за заштита на личните податоциличните податоци

• Established on 22 June 2005

• Separate legal entity under the Law on Personal Data Protection

• Independence from Governmental institutions

• Financing: Budget of the Republic of Macedonia

STATUS of the Directorate for Personal Data Protection


3

ORGANOGRAMORGANOGRAM


4

MISSION OF THE DIRECTORATE FOR PERSONAL DATA PROTECTION

The Mission of the Directorate for Personal Data Protection is to ensure efficient system for every natural person to exercise its right of personal data protection through the inspection over the legality of processing of personal data. The Directorate is competent for:•Creation of normative framework for implementation of the legislation on personal data protection;•Implementation of the principles for personal data protection;•Issuing opinions on the acts of the controllers and processors and on the processing of personal data;•Performing inspection over the processing of personal data and their protection;•Assessment of the lawfulness of the processing of personal data;•Maintenance of the Central Register of collections of personal data;•Keeping evidence and issuing approvals for transfer of personal data to other countries;•Achieve international cooperation in the field of personal data protection and participate in the work of the internationalorganizations and institutions for personal data protection Besides those basic functions, the Directorate aims to realize its strategic goals: •Acting upon requests of natural persons for violation of their right of personal data protection;•Rising public awareness of the controllers and processors and the general public and•Promotion of preventive instead of repressive mechanisms, activities and methods in the performance of the competencies defined in the Law on personal data protection in the Republic of Macedonia.


5

Main competence of the Directorate given in the Article 37 of the Law on personal data protection (“Official Gazette of the Republic of Macedonia” n. 7/05, 103/08, 124/10 and 135/11), “is performing inspection over the legality of the activities for processing of personal data and their protection on the territory of the Republic of Macedonia”.

In 2011, the number of inspectors in the Directorate increased which enabled new conditions for the work of the inspectors such as direct education and equipping with the newest IT technology.

In July 2011, inspectors were certified for ISO 27001. This certificate gives the inspectors stronger capacity for performing inspections at the controllers and processors that have complex IT infrastructure i.e. the inspectors upgraded their knowledge in other areas.

INSPECTION


6

Compared to 2010, the Directorate for Personal Data Protection increased the number of inspections. With a total number of 117 inspections in 2010, out of which 18 were transferred in 2011, during 2011, 146 inspections were performed.

0 20 40 60 80 100 120 140 160

Inspection in 2011

Inspection in 2010

Inspection in 2009

Inspection in 2008


7

This software, through a broadband internet connection, which can be used out of the premises of the Directorate, will contribute to

• more efficient and economic performance

• generating reports

• planning inspections

The inspection procedure is completely realized on the spot during the course of the inspection which contributes in cutting of post expenditures and the time needed for the procedure and in raising the efficiency of the inspectors raising the efficiency of the inspectors and cutting of post expenditures

SIN - Software for inspection


8

CONSULTATIONS

0

50

100

150

200

250

2006 2007 2008 2009 2010 2011

Opinions

Reprimands

In public sector

In private sector

Compared data show that the need for issuing opinions and reprimands is bigger in every year. The total number in 2011 is almost two times higher than 2010. The increased of the number of the requests for opinions shoes that the interest of the subjects for the right of personal data protection is increased as well. All this shows that the work of the Directorate profiles the right of privacy as one of the basic human rights protected by law.


9

Participation in policy making and involvement of DPDP In the process of drafting of laws

We have submitted to the Government of the Republic of Macedonia, an initiative for amending the Rules of Procedure on the Work of the Government of the Republic of Macedonia, which enables obligatory consultation of DPDP when the laws, materials, by-laws and other regulations that involve protection of privacy and personal data are prepared. Our initiative has been accepted and has resulted with adoption of the amendment to the Rules of Procedure on the Work of the Government of the Republic of Macedonia that stipulates the participation of DPDP in the process of drafting laws and by-laws.

Namely, Article 68 paragraph 1 line 9 from the Rules of Procedure on the Work of the Government of the Republic of Macedonia stipulates that Ministries and other state administrative bodies are obliged to submit to DPDP all materials, draft laws, by-laws, and other draft regulations in the field of personal data protection for opinion of DPDP, prior to their submission to the Government.


10

For the purpose of raising the quality of the personal data protection from the data controllers and processors and in the same time raising the general public awareness, the Directorate is organizing in the framework of its jurisdiction is organizing and implementing training/seminars for all interested data controllers and processors. During 2011, the Directorate has organized and implemented 37 trainings where 758 participant from 548 controllers and processors participated.

TRAINIGS

AreaNumber of

participantsEducation 343Health 4Media 2Banking, investment funds, and stocks 42Telecommunications 36Pension funds 4Public administration 22Economy 65Judiciary 101Insurance 32Local Self-government 61Security Agencies 22Energy 16Hotel Services 8 758

Controller/processor Number

Local self-government 46

Banking 14

Insurance 8

Telecommunication 4

Primary schools 182

Secondary schools 85

Faculties 7

State institutions 13

Economy 90

Notaries 68

Executers 31

548


11

INTERNATIONAL COOPERATION

International cooperation in the area of personal data protection and participation in the international organizations and institutions competent for personal data protection is legal determination. For the development of DPDP and its efficient fulfillment of the competencies the alignment with the European development in the area of personal data protection is crucial. Today’s technological development and boost transfer of data and unlimited communications seeks openness of the institution to other countries and functioning in coordination with the organs for personal data protection from Europe and world. Today, DPDP implements international cooperation through three segments. Firstly, through transposition of the European legislation and its implementation.

Secondly, through participation in work of the European bodies for personal data protection.

Thirdly, through establishment of bilateral cooperation with DPA’s of EU countries.


12

STRATEGY FOR PERSONAL DATA STRATEGY FOR PERSONAL DATA PROTECTION PROTECTION

in Republic of Macedonia

2012 – 2016

The Strategy for personal data protection 2012 – 2016 is drafted with support from the IPA 2008 Program “Support in drafting strategic documents and action plans including survey on the awareness of the media for implementation of the right for personal data protection” realized in the DPDP in 2011. The Strategy is a medium – term document that determines the guidance for further activities. The priorities are determined for realization by setting up concrete goals, for the purpose of better protection of the personal data, increased awareness for the need of personal data protection, implementation of the Law on personal data protection by the controllers and processors and institutional structure of the DPDP that guarantee the right of privacy.


13

Strategic goals:

Ensuring efficient system for personal data protection Continuous harmonization of the national legislation for personal data

protection Facilitation of the approach and improvement of the efficiency of

evidence of the personal data collections Further increasing of the public awareness level for the right of personal

data protection Optimization of the institutional capacity Increased participation in the International cooperation Cooperation with the Commission for protection of the right of free

access to public information, the ombudsman and other state authorities


14

COMUNICATION STRATEGY FOR DIRECTORATE COMUNICATION STRATEGY FOR DIRECTORATE FOR PERSONAL DATA PROTECTION FOR PERSONAL DATA PROTECTION

One of the results from the IPA 2008 Project “Support to the Directorate for Personal Data Protection

In the process of preparation

Implementation from June 2012


15

RAISING PUBLIC AWARENESS

In order to ease the availability and transparency, the Directorate created an entirely new concept and design of the website where regularly publishes all news relating to the protection of personal data and recommendations for protection of this fundamental human right. More information you can find at www.privacy.mk

Following the new communication trends, the Directorate created a group - Directorate for the Protection of Personal Data - on one of the most visited social networking websites, Facebook. Through this group Directorate communicates with users of this service, publishes interesting articles for the right of protection of personal data and promotes ongoing activities.


http://www.privacy.mk/

16

Cooperation with mediaCooperation with mediaDaily newspaper Nova Makedonija -

Through the web portal of the newspaper Nova Makedonija, citizens have a possibility to ask questions regarding data protection. The Directorate prepares the answers that are published every Monday in the newspaper. Since the beginning of this cooperation, in June 2011 until the end of 2011, there were 45 received questions from citizens and 24 published articles in the daily newspaper.

Macedonian Television – every Tuesday in morning program – Good morning Macedonia (34 TV programs)

Cooperation with the Macedonian Radio Televisionis in the form of regular participation of the staff from the Directorate in the morning program “Good Morning Macedonia”, where every Tuesday actual topics from protection of personal data is elaborated. Citizens have the opportunity of directly asking questions in this open program. During 2011, there were 17 discussions on deferent topics related with protection of personal data.


17

EVENTSEVENTS

15 March – Day of Consumers

My number – my protected world

•Declaration on cooperation for joint organization of Open Days

PURPOSE:•contemporary developments in processing of the personal data through the information technology from the operators of public electronic communication services

•to raise the social responsibility of the business operators towards the consumers and the community


18

28th January, 2012

Celebration of Data Protection Day “Click safe”

- to increase the public awareness for the children’s safety on the internet and in the same time increase the awareness of the teachers and parents about children’s activities on internet.

- poetry and art competition for pupils

- safe use of internet discussed by the Ministry of

Education, the Directorate, the Ministry of Interior,

Microsoft Macedonia and the representatives of the

schools


19

28 January - European Day of Personal Data Protection

The European Day on Personal Data Protection was celebrated for the fifth time on 28 January 2011. Under the motto I OWN MY PRIVACY , the Directorate in cooperation with the Metamorphosis Foundation gave a presentation of the Guidance for privacy policy and public debate on the topic "Safe electronic communication: fiction or reality."

Safer Internet Day-February 8, 2011 - "Life online is more than a game" On February 8, 2011 Directorate took part in event Safer Internet Day- "Life online is more than a game" which was organized by the Foundation Metamorphosis. The event presented the principles of protection of personal data and their use of the Internet. Short films were projected, regarding on line chat, addictive games, online fraudand cyber violence, mobile phones and the web site Safe on the Internet was introduced (www.crisp.org.mk).


http://www.crisp.org.mk/

20

Regional Conference on “Strategic approach in development of the mechanisms for personal data protection” – 25th November 2011, Skopje

On 25 November 2011 the Directorate hosted the first international event in the Republic of Macedonia in the field of personal data - Conference for strategic approach to the development of mechanisms for protection of personal data, where the challenges of institutional protection of personal data in terms of development the necessary mechanisms were discussed. The Conference was realized with support from the Delegation of the European Union and the project team of IPA 2008 project "Support to the preparation of strategic documents and relevant action plans, including research on the awareness of media for improved implementation of the right of protection of personal data" which was implemented in the period from March untill November 2011.


21

International Conference

Modernization of the legislation for Personal Data Protection

30 – 31 May 2012

Skopje, Macedonia

more information on

http://www.privacy.mk/en/node/453


http://www.privacy.mk/en/node/453

22

Thank you for your attention

Dimitar Gjeorgjievski

director

Directorate for Personal Data Protection of the Republic of Macedonia

[email protected]


mailto:[email protected]

1 14 th ceedpa meeting kyiv, 20 – 22 may 2012 directorate for personal data protection republic of...

Documents

transfer of personal

protection assessment

support unit

statistics unit

inspection supervision

inspection supervision

public sector east unit

public sector west unit