A Comprehensive Insight into Data Protection Practices in Kosovo
The Institute for Technology and Society (ITS) is proud to unveil its latest report, Challenges and Regulatory Obligations for Large Data Processors. This comprehensive study examines Kosovo’s data protection landscape, with a focus on the practices, challenges, and regulatory obligations faced by large-scale data processors in both public and private sectors.
Funded by the HumanRightivism project through the Community Development Fund (CDF) supported by the Embassy of Sweden in Pristina, this report highlights the critical role of data protection in fostering public trust and ensuring compliance with global standards.
This report provides an in-depth look at:
- Regulatory Compliance: Evaluating how well Kosovo aligns with GDPR and the challenges of implementing the Law on Protection of Personal Data (LPPD).
- Sectoral Focus: Insights into compliance among major sectors like telecommunications, finance, healthcare, public administration, and education.
- Case Studies: Real-world examples from the Kosovo Electricity Supply Company (KESCO) and Gjakova Municipality.
- Survey Findings: A detailed analysis of public and private sector data protection practices.
Key Findings:
- Large data processors in Kosovo, including financial institutions and public utilities, face significant hurdles in achieving compliance due to limited resources and capacity.
- The telecommunications and financial sectors demonstrate better alignment with LPPD standards, but gaps remain in smaller entities.
- Public institutions are often under-resourced, leading to insufficient updates to data protection policies and limited employee training.
- Case studies reveal non-compliance issues, such as inadequate safeguarding of personal data and insufficient enforcement of privacy measures.
Recommendations:
To strengthen data protection practices in Kosovo, the report emphasizes the need for:
- Enhanced resources for the Information and Privacy Agency (IPA) to conduct regular audits and inspections.
- Mandatory staff training on data protection, particularly in public institutions.
- Greater public awareness campaigns to empower citizens about their data privacy rights.
- Adoption of Privacy by Design principles and regular updates to policies and Data Protection Impact Assessments (DPIAs).
Why It Matters:
As Kosovo integrates further into the global digital economy, robust data protection measures are essential for safeguarding citizens’ privacy, ensuring compliance, and fostering trust in digital services. This report serves as a roadmap for stakeholders to navigate the complexities of data protection and drive positive change.
The full report is now available in English and Albanian for download. Discover actionable insights and join the dialogue on improving data protection in Kosovo: