Дирекција за заштита на личните податоци Directorate for Personal Data Protection Republic of Macedonia - DPDP 14th CEEDPA meeting Kyiv, 20 – 22 May 2012 1 Дирекција за заштита на личните податоци STATUS of the Directorate for Personal Data Protection • Established on 22 June 2005 • Separate legal entity under the Law on Personal Data Protection • Independence from Governmental institutions • Financing: Budget of the Republic of Macedonia Дирекција за заштита на личните податоци ORGANOGRAM Director State chancellor Deputy Director Unit for managing human resources Dep. for inspection supervision – east Dep. for inspection supervision – west Dep..for legal affairs and international cooperation Dep.for Central register, IT support, planning, analyze and statistics Unit for inspection supervision over the public sector – east Unit for inspection supervision over the public sector – west Unit for legal affairs Unit for central R, planning, analyze and statistics Unit for inspection supervision over the private sector – east Unit for inspection supervision over the private sector –west Unit for international affairs and public relations Unit for IT support Unit for finance 3 Дирекција за заштита на личните податоци MISSION OF THE DIRECTORATE FOR PERSONAL DATA PROTECTION The Mission of the Directorate for Personal Data Protection is to ensure efficient system for every natural person to exercise its right of personal data protection through the inspection over the legality of processing of personal data. The Directorate is competent for: • Creation of normative framework for implementation of the legislation on personal data protection; • Implementation of the principles for personal data protection; • Issuing opinions on the acts of the controllers and processors and on the processing of personal data; • Performing inspection over the processing of personal data and their protection; • Assessment of the lawfulness of the processing of personal data; • Maintenance of the Central Register of collections of personal data; • Keeping evidence and issuing approvals for transfer of personal data to other countries; • Achieve international cooperation in the field of personal data protection and participate in the work of the internationalorganizations and institutions for personal data protection Besides those basic functions, the Directorate aims to realize its strategic goals: • Acting upon requests of natural persons for violation of their right of personal data protection; • Rising public awareness of the controllers and processors and the general public and • Promotion of preventive instead of repressive mechanisms, activities and methods in the performance of the competencies defined in the Law on personal data protection in the Republic of Macedonia. 4 Дирекција за заштита на личните податоци INSPECTION Main competence of the Directorate given in the Article 37 of the Law on personal data protection (“Official Gazette of the Republic of Macedonia” n. 7/05, 103/08, 124/10 and 135/11), “is performing inspection over the legality of the activities for processing of personal data and their protection on the territory of the Republic of Macedonia”. In 2011, the number of inspectors in the Directorate increased which enabled new conditions for the work of the inspectors such as direct education and equipping with the newest IT technology. In July 2011, inspectors were certified for ISO 27001. This certificate gives the inspectors stronger capacity for performing inspections at the controllers and processors that have complex IT infrastructure i.e. the inspectors upgraded their knowledge in other areas. 5 Дирекција за заштита на личните податоци Compared to 2010, the Directorate for Personal Data Protection increased the number of inspections. With a total number of 117 inspections in 2010, out of which 18 were transferred in 2011, during 2011, 146 inspections were performed. Inspection in 2011 Inspection in 2010 Inspection in 2009 Inspection in 2008 0 20 40 60 80 100 120 140 160 6 Дирекција за заштита на личните податоци SIN - Software for inspection This software, through a broadband internet connection, which can be used out of the premises of the Directorate, will contribute to • more efficient and economic performance • generating reports • planning inspections The inspection procedure is completely realized on the spot during the course of the inspection which contributes in cutting of post expenditures and the time needed for the procedure and in raising the efficiency of the inspectors raising the efficiency of the inspectors and cutting of post expenditures 7 Дирекција за заштита на личните податоци CONSULTATIONS 250 200 150 Opinions Reprimands In public sector 100 In private sector 50 0 2006 2007 2008 2009 2010 2011 Compared data show that the need for issuing opinions and reprimands is bigger in every year. The total number in 2011 is almost two times higher than 2010. The increased of the number of the requests for opinions shoes that the interest of the subjects for the right of personal data protection is increased as well. All this shows that the work of the Directorate profiles the right of privacy as one of the basic human rights protected by law. 8 Дирекција за заштита на личните податоци Participation in policy making and involvement of DPDP In the process of drafting of laws We have submitted to the Government of the Republic of Macedonia, an initiative for amending the Rules of Procedure on the Work of the Government of the Republic of Macedonia, which enables obligatory consultation of DPDP when the laws, materials, by-laws and other regulations that involve protection of privacy and personal data are prepared. Our initiative has been accepted and has resulted with adoption of the amendment to the Rules of Procedure on the Work of the Government of the Republic of Macedonia that stipulates the participation of DPDP in the process of drafting laws and by-laws. Namely, Article 68 paragraph 1 line 9 from the Rules of Procedure on the Work of the Government of the Republic of Macedonia stipulates that Ministries and other state administrative bodies are obliged to submit to DPDP all materials, draft laws, by-laws, and other draft regulations in the field of personal data protection for opinion of DPDP, prior to their submission to the Government. 9 Дирекција за заштита на личните податоци TRAINIGS For the purpose of raising the quality of the personal data protection from the data controllers and processors and in the same time raising the general public awareness, the Directorate is organizing in the framework of its jurisdiction is organizing and implementing training/seminars for all interested data controllers and processors. During 2011, the Directorate has organized and implemented 37 trainings where 758 participant from 548 controllers and processors participated. Controller/processor Number Local self-government 46 Banking 14 Insurance 8 Telecommunication 4 Primary schools 182 Secondary schools 85 Faculties 7 State institutions 13 Economy 90 Notaries 68 Executers 31 548 Area Education Health Media Banking, investment funds, and stocks Telecommunications Pension funds Public administration Economy Judiciary Insurance Local Self-government Security Agencies Energy Hotel Services Number of participants 343 4 2 42 36 4 22 65 101 32 61 22 16 8 758 10 Дирекција за заштита на личните податоци INTERNATIONAL COOPERATION International cooperation in the area of personal data protection and participation in the international organizations and institutions competent for personal data protection is legal determination. For the development of DPDP and its efficient fulfillment of the competencies the alignment with the European development in the area of personal data protection is crucial. Today’s technological development and boost transfer of data and unlimited communications seeks openness of the institution to other countries and functioning in coordination with the organs for personal data protection from Europe and world. Today, DPDP implements international cooperation through three segments. Firstly, through transposition of the European legislation and its implementation. Secondly, through participation in work of the European bodies for personal data protection. Thirdly, through establishment of bilateral cooperation with DPA’s of EU countries. 11 Дирекција за заштита на личните податоци STRATEGY FOR PERSONAL DATA PROTECTION in Republic of Macedonia 2012 – 2016 The Strategy for personal data protection 2012 – 2016 is drafted with support from the IPA 2008 Program “Support in drafting strategic documents and action plans including survey on the awareness of the media for implementation of the right for personal data protection” realized in the DPDP in 2011. The Strategy is a medium – term document that determines the guidance for further activities. The priorities are determined for realization by setting up concrete goals, for the purpose of better protection of the personal data, increased awareness for the need of personal data protection, implementation of the Law on personal data protection by the controllers and processors and institutional structure of the DPDP that guarantee the right of privacy. 12 Дирекција за заштита на личните податоци Strategic goals: Ensuring efficient system for personal data protection Continuous harmonization of the national legislation for personal data protection Facilitation of the approach and improvement of the efficiency of evidence of the personal data collections Further increasing of the public awareness level for the right of personal data protection Optimization of the institutional capacity Increased participation in the International cooperation Cooperation with the Commission for protection of the right of free access to public information, the ombudsman and other state authorities 13 Дирекција за заштита на личните податоци COMUNICATION STRATEGY FOR DIRECTORATE FOR PERSONAL DATA PROTECTION One of the results from the IPA 2008 Project “Support to the Directorate for Personal Data Protection In the process of preparation Implementation from June 2012 14 Дирекција за заштита на личните податоци RAISING PUBLIC AWARENESS In order to ease the availability and transparency, the Directorate created an entirely new concept and design of the website where regularly publishes all news relating to the protection of personal data and recommendations for protection of this fundamental human right. More information you can find at www.privacy.mk Following the new communication trends, the Directorate created a group Directorate for the Protection of Personal Data - on one of the most visited social networking websites, Facebook. Through this group Directorate communicates with users of this service, publishes interesting articles for the right of protection of personal data and promotes ongoing activities. 15 Дирекција за заштита на личните податоци Cooperation with media Daily newspaper Nova Makedonija Through the web portal of the newspaper Nova Makedonija, citizens have a possibility to ask questions regarding data protection. The Directorate prepares the answers that are published every Monday in the newspaper. Since the beginning of this cooperation, in June 2011 until the end of 2011, there were 45 received questions from citizens and 24 published articles in the daily newspaper. Macedonian Television – every Tuesday in morning program – Good morning Macedonia (34 TV programs) Cooperation with the Macedonian Radio Televisionis in the form of regular participation of the staff from the Directorate in the morning program “Good Morning Macedonia”, where every Tuesday actual topics from protection of personal data is elaborated. Citizens have the opportunity of directly asking questions in this open program. During 2011, there were 17 discussions on deferent topics related with protection of personal data. 16 Дирекција за заштита на личните податоци EVENTS 15 March – Day of Consumers My number – my protected world •Declaration on cooperation for joint organization of Open Days PURPOSE: •contemporary developments in processing of the personal data through the information technology from the operators of public electronic communication services •to raise the social responsibility of the business operators towards the consumers and the community 17 Дирекција за заштита на личните податоци 28th January, 2012 Celebration of Data Protection Day “Click safe” - to increase the public awareness for the children’s safety on the internet and in the same time increase the awareness of the teachers and parents about children’s activities on internet. - poetry and art competition for pupils - safe use of internet discussed by the Ministry of Education, the Directorate, the Ministry of Interior, Microsoft Macedonia and the representatives of the schools 18 Дирекција за заштита на личните податоци 28 January - European Day of Personal Data Protection The European Day on Personal Data Protection was celebrated for the fifth time on 28 January 2011. Under the motto I OWN MY PRIVACY , the Directorate in cooperation with the Metamorphosis Foundation gave a presentation of the Guidance for privacy policy and public debate on the topic "Safe electronic communication: fiction or reality." Safer Internet Day-February 8, 2011 - "Life online is more than a game" On February 8, 2011 Directorate took part in event Safer Internet Day- "Life online is more than a game" which was organized by the Foundation Metamorphosis. The event presented the principles of protection of personal data and their use of the Internet. Short films were projected, regarding on line chat, addictive games, online fraudand cyber violence, mobile phones and the web site Safe on the Internet was introduced (www.crisp.org.mk). 19 Дирекција за заштита на личните податоци Regional Conference on “Strategic approach in development of the mechanisms for personal data protection” – 25th November 2011, Skopje On 25 November 2011 the Directorate hosted the first international event in the Republic of Macedonia in the field of personal data - Conference for strategic approach to the development of mechanisms for protection of personal data, where the challenges of institutional protection of personal data in terms of development the necessary mechanisms were discussed. The Conference was realized with support from the Delegation of the European Union and the project team of IPA 2008 project "Support to the preparation of strategic documents and relevant action plans, including research on the awareness of media for improved implementation of the right of protection of personal data" which was implemented in the period from March untill November 2011. 20 Дирекција за заштита на личните податоци International Conference Modernization of the legislation for Personal Data Protection 30 – 31 May 2012 Skopje, Macedonia more information on http://www.privacy.mk/en/node/453 21 Дирекција за заштита на личните податоци Thank you for your attention Dimitar Gjeorgjievski director Directorate for Personal Data Protection of the Republic of Macedonia dimitar.gjeorgievski@privacy.mk 22