Law: Law No. 06/L-082 on Personal Data Protection (the Law)

Regulator: Information and Privacy Agency (AIP)

Summary: Kosovo implemented Law No. 06/L-082 on Personal Data Protection (the Law), in January 2019, which came into force on March 12, 2019. The Law is expressly aligned with the GDPR, and, similar to the GDPR, sets out data subject rights, such as the right of access, right to rectification, and right to deletion. The Information and Privacy Agency (AIP) is the regulatory authority under the Law and while the Law does not require organizations to register with the AIP prior to processing personal data, the AIP is mandated with issuing certifications to organizations processing data. The AIP has the power to impose fines for violations of the law of up to €40,000 or 2% to 4% of the annual turnover of the preceding year.