Legal analysis of the law
- Title of the law and Official Gazette number (last change or modification)?
Law on payment operations („Official Gazette of the Republic of Macedonia“no. 113/2007; 22/2008; 159/2008; 133/2009; 145/2010; 35/2011; 11/2012; 59/2012; 166/2012 and 170/2013)
- Does the Law envisage processing of personal data and in what type of Collection (Evidence, Register, Database)?
Register of transaction accounts
- What is the purpose of collecting personal data? Is that purpose clear?
- What categories of personal data are collected? Is the scope in compliance with the purpose?
According to this law, payment instruments and their content and form, other than the form of payment instruments contained in the transfer media, are being provided by the Minister of Finance. With this formulation, the content of the payment instruments are still to be determined by a Rulebook which is not in accordance with the principles of protection of personal data. Additionally, the practice shows that in payments from individuals, the payment instrument contains the PIN without legal basis.
- Who collects the personal data at first instance? (company, institution)
The payment operator.
- Is the Consent of the data subject for personal data protection envisaged by this law?
- Is the keeping period of personal data clearly defined?
- Does the law contain separate provision for personal data protection that clearly states the implementation of technical and organizational measures?
- Is the processing of personal data prescribed by this law connected to implementation of another law?
- Are there any exceptions for processing of sensitive data? (PIN, biometrics, video surveillance)