September 4, 2025 For nine weeks, we have explained what personal data are, the rights of data subjects, the responsibilities of controllers and processors, the role of the Data Protection Officer, and the fines and sanctions imposed by the Information and Privacy Agency (IPA). This week, the tenth and concluding week of our series on…
August 28, 2025 The Law on Personal Data Protection is not a matter of choice or ethics, but a binding legal obligation that imposes direct responsibility and serious sanctions on any violator. The Law has granted the Information and Privacy Agency (AIP) full powers to investigate, order corrective measures, and impose administrative fines against controllers…
August 21, 2025 In an era where the processing of personal data is widespread and rapid, data security breaches represent a real and present risk for every data controller and processor. A data breach can severely impact the privacy and rights of individuals, causing serious legal consequences and reputational damage for the entities processing such…
14 August, 2025 The Data Protection Officer (DPO) is a key figure in the implementation of the Law on Personal Data Protection in Kosovo. The appointment of a DPO does not depend solely on the size of the organization, but on the nature and intensity of the processing of personal data, especially when it involves…
07 August, 2025 The Law on Personal Data Protection (LPDP) aims to ensure effective protection of personal data not only by guaranteeing individual rights, but also, by establishing clear responsibilities for controllers and processors. Who are controllers and processors? A controller is the entity that determines the purposes and means of processing personal data. A…
July 31, 2025 Every individual has the right to know, control, and restrict how their personal data is used. In Kosovo, these rights are guaranteed by the Constitution and the Law on Personal Data Protection (LPDP). The LPDP grants individuals, known as data subjects, a set of clear and enforceable rights that every public or…
July 24, 2025 In order for data controllers to lawfully process personal data, as required by the core principle of personal data protection, such processing must be based on a legal basis. The Law on Personal Data Protection (LPDP) defines six legal bases for the processing of non-sensitive personal data, while it provides a separate…
July 17, 2025 The core principles of personal data protection form the foundation of all processes involving the collection, processing, and management of personal data. Article 4 of the Law on Personal Data Protection (Law No. 06/L-082) sets out several fundamental principles that directly and indirectly impact all other rules and obligations set by the…
July 10, 2025 Personal data and its protection have become topics of high importance for every individual, business, or institution. However, what is equally important in this context is understanding: Below, we aim to explain these key issues in a simple and practical manner. What is considered personal data under the Law on Personal Data…
July 03, 2025 This article is the first in a series dedicated to personal protection in Kosovo. In this introductory part, we provide a historical and institutional overview to better understand the foundation upon which this system has been build. Personal Data Protection in Kosovo Over the Years Until 2010, Kosovo did not have a…