On 14 May 2025, significant changes were made to North Macedonia’s personal data protection legislation. The Assembly of the Republic passed an amendment to expand the nations where personal data can be shared freely, without facing third-country transfer restrictions. Previously, such exemptions were only granted to European Union (EU) member states and those in the European Economic Area (EEA). Now, countries that are members of NATO are also included in this list.
What does this mean for businesses and organisations handling personal data in North Macedonia? Before this amendment, when companies wished to transfer personal data to EU or EEA countries, specific restrictive rules did not apply, although they were still required to notify North Macedonia’s Agency for Personal Data Protection (“Agency”) about these transfers. With the new amendment, the notification requirement now extends to NATO member countries too. Therefore, data transfers to NATO countries, like the USA, the UK, Türkiye, etc. will only require a simple notification to the Agency, bypassing the more cumbersome third-country restrictions such as adequacy decisions, the need for appropriate safeguards, and in some cases, prior approval from the Agency.
This amendment not only changes the legal landscape but could also streamline data sharing with key international partners. This amendment will become effective on the day of its publication in the Official Gazette of North Macedonia. Furthermore, the related bylaw must be adopted within 15 days following its effectuation.
In summary, the amendment facilitates easier and broader data transfer possibilities for North Macedonia, aligning it closer with global allies and potentially boosting international cooperation and business operations. Organisations should prepare to comply with the notification obligations to remain within the legal framework.
The information in this document does not constitute legal advice on any particular matter and is provided for general informational purposes only.
