In the first days of January 2018, representatives of the Data protection directorate of Republic of Macedonia took part in an educative visit to the Bulgarian data protection authority, during which time the two institutions exchanged experiences linked to their supervisory powers, and also discussed the possibilities of adopting a common reaction approach to events in the sphere of cross-border data protection.
The Commission for personal data protection (CPDP) accomplishes regular cooperation with its international partnering institutions. In this connection, our representatives are helping the Data protection directorate of Republic of Macedonia in the accomplishment of a project – „Support to access to right on Protection of Personal Data”, financed with European Union means.
With the goal of achieving higher practical effectiveness of the project, on the 9th and 10th of January 2018 a joint-inspection of a data controller was conducted as a simulation exercise. The making of such joint operations is also a new power granted to the data protection authorities, stemming from the General Data Protection Regulation 2016,679, which will apply from May 25th 2018.
„Credissimo” AD was chosen as the subject of this inspection. The choice of precisely this company was dictated by the fact that as a result of a data transfer of the company’s Macedonian subsidiary, „Credissimo” AD processes personal data of Macedonian citizens. The subject-matter of the inspection is very topical and relevant in the conditions in which the world economy operates – prevailing presence of cross-border companies with activities in plenty of jurisdictions and with consistent intrastate and interstate data exchange. In addition to the considerations surrounding the choice of a company, the fact that „Credissimo” AD recently reported a ‘fishing-attack’ to the competent authorities, including CPDP, was also taken into account. The reaction measures adopted by the company in this scenario were an additional goal of the joint-inspection.
The making of such educative inspections is an example of a good practice, considering the anticipated and heightened joint control of national supervisory authorities after the commencement of the application of the new European Data Protection Rules, as of May 25th 2018.