The Directorate for Personal Data Protection ('DZLP') adopted, on 11 May 2020, the rulebook on security of personal data processing ('the Rulebook'). In particular, the Rulebook prescribes instructions for data controllers when applying technical and organisational measures to ensure the security of personal data processing, and covers a range of contexts, including data transfers to third countries, backup and restoration of personal data, and encryption of personal data. Specifically, Article 5 of the Rulebook provides that in case of hardware and/or software maintenance or other activities of the information system, personal data can be transferred to third countries only in accordance with the conditions set out in personal data protection regulations. In addition, Article 22 of the Rulebook provides, among other things, that regarding security copies, the controller shall apply the same security level to technical and organisational measures as well as for the data stored on the operating servers. Furthermore, Article 25 of the Rulebook provides that the controller shall, based on the risk assessment and taking into account the nature, volume, context, and the purposes of personal data processing, encrypt personal data, and always use crypto-technical solutions which ensure integrity, confidentiality, and the authenticity of personal data. 

You can read the press release here and the Rulebook here, both only available in Macedonian.