Data Privacy in Albania: Legal Reforms and Implementation Challenges

shapanqqcceqd · Post by **shapanqqcceqd** » Sun May 18, 2025 10:35 am

Albania has made significant strides in enhancing data privacy protections, aligning its legal framework with European Union standards, particularly the General Data Protection Regulation (GDPR). The cornerstone of this transformation is Law No. 124/2024, enacted on December 19, 2024, and effective from February 1, 2025. This legislation replaces the previous Law No. 9887/2008 and introduces comprehensive measures to safeguard personal data.
KPMG

Key Provisions of the New Law

Broader Scope and Extraterritorial Application
The new law extends its jurisdiction to foreign entities albania whatsapp number data processing personal data of individuals in Albania, necessitating the appointment of a local representative to ensure compliance.
KPMG

Enhanced Rights for Data Subjects
Individuals are granted strengthened rights, including the right to be forgotten, data portability, and enhanced access to information regarding data processing activities.
EY

Obligations for Data Controllers and Processors
Entities handling personal data must implement "Data Protection by Design and by Default" principles, conduct Data Protection Impact Assessments (DPIAs) for high-risk processing, and notify the Data Protection Commissioner of data breaches within 72 hours.
EY

International Data Transfers
The law facilitates data transfers to countries with inadequate data protection by utilizing mechanisms such as Standard Contractual Clauses, Binding Corporate Rules, and certification mechanisms.
EY

Sanctions for Non-Compliance
Violations can result in significant penalties: up to 1 billion ALL (approximately €8 million) or 2% of global annual turnover for less severe infringements, and up to 2 billion ALL (approximately €16 million) or 4% of global annual turnover for more severe violations.
EY

Implementation and Enforcement

The Commissioner for the Protection of Personal Data is tasked with overseeing compliance, handling complaints, and enforcing the provisions of the law. Entities are required to cooperate with the Commissioner and provide necessary documentation upon request.