Public-Private Dialogue on Data Protection: Challenges and Responsibilities for Businesses

Tirana, March 10, 2025 – The Secretariat of the Investment Council and the Commissioner for the Right to Information and Personal Data Protection, in cooperation with the Foreign Investors Association of Albania (FIAA), organised a dialogue with the business community (around 40 local and foreign businesses) to raise awareness of the rights and obligations stemming from Law No. 124/2024 “On the Protection of Personal Data.” This meeting forms part of the Investment Council’s mission to facilitate public-private dialogue and provide an inclusive platform for open consultations on business-related issues.

In his address, the Commissioner for the Right to Information and Personal Data Protection, Mr Besnik Dervishi, highlighted the law’s broad impact on businesses, introducing key innovations in the obligations related to personal data processing. He emphasised the need for businesses to develop internal data protection policies in a timely manner and align their practices with the new legal framework. “The new law requires a fresh approach, a new mindset. It is essential that all stakeholders understand and implement the law correctly. We stand ready to cooperate and support businesses in this process, fostering a transparent and accountable institutional partnership,” said Mr Dervishi.

Following this, the President of FIAA, Mr Balazs Revesz, underscored the importance of the dialogue as a valuable opportunity to address the challenges and responsibilities businesses will face in implementing the law. He stressed that transparency and legal clarity are crucial, particularly for companies processing large volumes of personal data. These businesses must invest in more secure systems and enhance their internal capacities for risk management. Mr Revesz also highlighted the critical role of public institutions and business organizations in providing guidance and specialised training to ensure compliance.

During the open discussion, business representatives shared their concerns and insights regarding the practical challenges of implementing the law. Key issues raised included the financial and operational burden of compliance, resource allocation for data protection measures, and the complexities of managing sensitive data. Participants also called for clearer guidelines on reporting data breaches, data retention obligations, and audit and oversight mechanisms. This discussion was an important step in helping businesses prepare for the new regulatory requirements while reinforcing cooperation between the private sector and regulatory institutions.