The Information and Data Protection Commissioner’s Office, in cooperation with the “EU for Good Governance” project, organized the activity on the topic “Certification and Accreditation under Law No. 124/2024 ‘On the Protection of Personal Data’”.

The purpose of this activity was to present and discuss the certification mechanisms and accreditation procedures, provided for by the new legal framework and the relevant by-laws, with the aim of increasing standards in the processing of personal data, transparency and public trust.

In his speech, the Information and Data Protection Commissioner, Mr. Besnik Dervishi, emphasized the importance of personal data protection as an essential element for every public and private controller, noting that the protection of the individual lies at the heart of this process. He also focused on the challenges encountered during the implementation of the legislation, especially in the public sector, and underlined that Law No. 124/2024 brings a new approach, aiming to strengthen standards without compromising the functioning of institutions. The Commissioner emphasized that the role of the institution remains supervisory and regulatory, while the certification and accreditation processes will be carried out by the relevant bodies determined by law.

International expert Mr. Zoran Jacev emphasized the importance of practical handling of issues related to the implementation of the legislation on the protection of personal data, underlining that many of the challenges will be addressed through practice and continuous cooperation with the Commissioner’s Office. He also emphasized the need for continuous communication to solve concrete problems and build sustainable practices in this field.

Following the activity, Ms. Pjerina Mema presented in detail the Instruction No. 08, dated 20.11.2025 “On the accreditation of certification bodies” and the Instruction No. 09, dated 20.11.2025 “On certification and issuing of personal data protection seals”, clarifying the procedures, criteria and their importance in building a functional certification system. She emphasized that these by-laws represent advanced technical developments in accordance with international standards. During the discussions, Ms. Ana Kapanadze, international expert of the project, addressed the concept of personal data processing as a specific activity that can and should be certified, emphasizing that certification increases credibility and creates positive competition between controllers. She explained that the Commissioner’s Office determines the legal framework and criteria, while the accreditation of certification bodies and the creation of certification schemes enable the practical implementation of this process. She also underlined that certification requires time and preparation, even for the most advanced organizations, and that a key role is played by meeting technical standards, as well as ensuring the principles of confidentiality, accountability and legal liability. According to her, an essential element for assessment by certification bodies is the existence of a clear and effective personal data management system.

The activity served as an important discussion platform with questions and answers for public institutions, private sector representatives and experts in the field, contributing to raising awareness and preparation for the implementation of new legal requirements in the field of personal data protection.