The protection of personal data in justice and public security institutions, as well as the role of the Data Protection Officer (DPO), were the focus of the awareness-raising activity organized by the Office of the Commissioner for the Right to Information and Personal Data Protection, with the participation of representatives of the justice and public security system.

In his speech, Commissioner Besnik Dervishi described Law No. 124/2024 “On the Protection of Personal Data” as an important step towards strengthening guarantees for the fundamental rights and freedoms of the individual, emphasizing that the use of personal data by law enforcement authorities must always be based on law, proportionate and closely related to the respective purpose.

Commissioner Dervishi underlined that the protection of personal data should not be seen as an obstacle for law enforcement institutions, but as a democratic standard that increases public trust in institutions. He also emphasized that effective implementation of the law requires institutional cooperation, investment in secure technologies, increased professional capacities and strengthening the culture of personal data protection.

During the event, the Commissioner's Office presented the findings and recommendations resulting from the supervisory processes and administrative investigations conducted in the competent authorities, highlighting concrete issues related to the lack of internal regulatory acts for the processing of personal data, the lack of special procedures for sensitive data, the storage of personal data beyond the legally established deadlines, as well as the lack of ongoing training for staff who process personal data.

Special attention was paid to the role of the Data Protection Officer (DPO), where it was highlighted that in some institutions his appointment is still missing, while in other cases the role of the DPO remains formal and not involved in decision-making processes and the drafting of acts related to the processing of personal data.

In this context, the Commissioner's Office recommended strengthening the functional independence of the DPO, his involvement in the drafting of information security policies and internal audits, as well as ensuring an active role in overseeing the lawfulness and transparency of the processing of personal data.

The activity also focused on the need to draft and review internal regulations, establish concrete deadlines for the storage of personal data, take additional technical and organizational measures for data protection, and conduct ongoing training for employees of competent authorities.

The Commissioner's Office reiterated its commitment to supporting public institutions in the implementation of the new legislation on the protection of personal data, in order to guarantee the fundamental rights of citizens and strengthen the rule of law.