Legal analysis of the law
- Title of the law and Official Gazette number (last change or modification)
Law on Compulsory Traffic Insurance – (“Official Gazette of the Republic of Macedonia“ no. 88/2005, 70/2006, 81/2008, 47/2011, 135/2011 and 112/2014)
- Does the Law envisage processing of personal data and in what type of Collection? (Evidence, Register, Database)
The law envisages the processing of personal data in the following forms:
Databases of the insured;
Databases of the incurred damages;
Databases for estimation of the insurance security and the level of damage;
- What is the purpose of collecting personal data? Is that purpose clear?
Carrying out activities related to traffic insurance.
- What categories of personal data are collected? Is the scope in compliance with the purpose?
This law stipulates that the provisions of the Law on Insurance Supervision are also applicable to the processing of personal data for the purposes of carrying out activities for traffic insurance. Clear and precise definition of the categories of personal data should be done in this law.
- Who collects the personal data at first instance? (company, institution)
Insurance brokerage companies;
National Insurance Bureau.
- Is the Consent of the data subject for personal data protection envisaged by this law?
No. For the cases when the data should be given to the National Insurance Bureau for analyses, the Consent of the data subject should be stipulated by law.
- Is the keeping period of personal data clearly defined?
Yes. Article 36 and 38 envisage that the period of keeping personal data in the Information register at the National Insurance Bureau is defined “at least for 7 years”. This formulation is not in compliance with the LPDP because the keeping period should be concrete and precise.
- Does the law contain separate provision for personal data protection that clearly states the implementation of technical and organizational measures?
No. Law on Compulsory Traffic Insurance also needs additional provision for the technical and organizational measures not only for the internal procedures of the insurance companies but as well for the conclusion of agreements with the data Users and sharing data with other subjects (MOI, MLSP etc).
- Is the processing of personal data prescribed by this law connected to implementation of another law?
Law on Insurance Supervision.
- Are there any exceptions for processing of sensitive data? (PIN, biometrics, video surveillance)
- Is there an opinion issued by the DPDP regarding this law and is that opinion taken into consideration?
DPDP has issued Approval for processing of PIN, Analyses of the state of play in the insurance sector based on performed inspections, Opinion on the keeping periods and sharing personal data with the brokerage companies.