On 24 September 2024, the Ministry of Public Security opened a consultation on the Draft Law on Personal Data Protection until 24 November 2024. The draft law requires organisations to implement suitable technical and organisational measures to safeguard personal data against unauthorised access, disclosure or misuse. This encompasses the establishment of a dedicated data protection officer or department for the purpose of providing oversight, although small and medium-sized enterprises and startups may be temporarily exempt. In the event of a personal data breach, the relevant authorities and data subjects must be informed. The notification must include a detailed account of the nature of the breach, its consequences, and the measures taken to mitigate its impact. It is required that organisations conduct regular risk assessments and audits in order to ensure ongoing compliance with data protection legislation.
Original source