Legal analysis of the law
- Title of the law and Official Gazette number (last change or modification)
Law on Safety and Health at Work (“Official Gazette of the Republic of Macedonia“ n.92/2007, 136/2011, 23/2013, 25/2013, 137/2013, 164/2013 and 158/2014)
- Does the Law envisage processing of personal data and in what type of Collection? (Evidence, Register, Database)
The law envisages the processing of personal data in a record of specific and periodic check-ups.
- What is the purpose of collecting personal data? Is that purpose clear?
Safety and health at work.
- What categories of personal data are collected? Is the scope in compliance with the purpose?
According to this law, for ensuring safety and health at work the health institutions process the following personal data – anamnesis data (ongoing anamnesis, main problems, current disease, family anamnesis, personal anamnesis, and socioepidemiological data), status according to systems and anthropometry (body mass, body height, and body mass index), basic laboratory analyses, that is, sedimentation, blood test (erythrocytes, hemoglobin, hematocrit, leukocytes, glicemy, cholesterol, triglycerides), urine, glucose, proteins, bilirubin, urobilinogen, sediment, testing the functions of the eye (visual acuity at near and far distances), audiometry, spirometry, ECG eads, and lungs radiophotography – at discretion of a doctor.
Depending on the job risk assessment and the characteristics of the determined professional harmfulness and dangers, along with the standard minimum, additional check-ups under the bylaw shall be done.
All those data are kept in the medical record of every employee in accordance with the Law on Health Records and the employer receives a report on the working ability for the employee.
Definition on the manner of delivering the reports separately from the medical examination results should be done.
- Who collects the personal data at first instance? (company, institution)
- Is the Consent of the data subject for personal data protection envisaged by this law?
- Is the keeping period of personal data clearly defined?
No. Precise definition of the keeping period is needed. Connection with the Law on Labor Relations has to be done.
- Does the law contain separate provision for personal data protection that clearly states the implementation of technical and organizational measures?
No. Separate part for personal data protection has to be added.
- Is the processing of personal data prescribed by this law connected to implementation of another law?
Law on Health Records
- Are there any examptions for processing of sensitive data? (PIN, biometrics, video survelliance)