ZZLP

Law on Personal Data Protection (Zakon za zaštita na ličnite podatoci)

Flag of MK
North MacedoniaOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
February 24, 2020
Enacted
January 16, 2020
Enforcing Authority
DZLP (Agency for Personal Data Protection)
Consent Model
Opt-in
Applies To
Any organization processing personal data of individuals in North Macedonia

Overview

North Macedonia's ZZLP fully aligns with the EU GDPR as part of its EU accession efforts. While the penalty structure mirrors GDPR tiers (2%/4% of annual income), the DZLP has primarily issued warnings rather than imposing fines due to enforcement capacity challenges.

What This Means for Your Website

  • Consent must be freely given, specific, informed, and unambiguous for personal data processing
  • Privacy notices are required upon website arrival
  • The DZLP has primarily used warnings rather than fines in enforcement to date
  • GDPR-mirrored penalty tiers apply theoretically

Key Requirements

The DZLP enforces the ZZLP with GDPR-mirrored penalty tiers: up to 2% of annual income (lower tier) and up to 4% (higher tier). In practice, the DZLP has faced enforcement challenges and primarily issues warnings. The law requires data protection by design and by default, data breach notification, and standard data subject rights.

How ConsentStack Handles This

ConsentStack presents visitors from North Macedonia with a GDPR-compliant consent banner, ensuring compliance with ZZLP requirements.

Penalties

Up to 2% of annual income (lower tier); up to 4% of annual income (higher tier).

Revenue-based
4% of annual revenue

Key Requirements

  • Consent must be freely given, specific, informed, and unambiguous
  • Privacy notices required upon website arrival
  • Data protection by design and by default
  • Data subject rights aligned with GDPR
  • Data breach notification requirements

Notable Provisions

  • GDPR-aligned penalty tiers (2%/4% annual income)
  • DZLP primarily issues warnings rather than fines
  • EU candidate country
  • No specific cookie legislation

Other Europe Regulations

GDPREuropean Union + EEA
The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.
PECRUnited Kingdom
PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.
ePrivacy DirectiveEuropean Union + EEA
Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.
Loi Informatique et LibertésFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
UK GDPRUnited Kingdom
The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Does North Macedonia follow GDPR?

North Macedonia's ZZLP fully aligns with the EU GDPR as part of its EU accession process. Penalty tiers mirror GDPR at 2% and 4% of annual income.

Is North Macedonia enforcing data protection?

The DZLP has faced enforcement challenges and primarily issues warnings. However, the legal framework supports GDPR-level penalties.

Does North Macedonia have cookie-specific laws?

No. General data protection consent requirements under the ZZLP apply to cookies processing personal data.

Stay compliant with ZZLP

ConsentStack helps you implement Opt-in consent for North Macedonia automatically.

Get started free