The Kosovo Accreditation Agency (KAA), in accordance with the Law on Personal Data Protection, has drafted and approved the Guideline on Personal Data Protection.

This document sets out the procedures and the technical and organizational measures to be implemented in order to ensure the security, confidentiality, and integrity of personal data throughout its processing and storage.

The Guideline is intended to strengthen KAA’s internal institutional mechanisms for the protection of personal data, ensuring that such data is processed lawfully, transparently, and solely for specified purposes.

It also provides for concrete measures concerning risk management, access control, the reporting of potential data breaches, as well as the responsibilities of officials in the implementation of data protection standards.

Its content further addresses the rights of data subjects, including the right to information, access, rectification, restriction of processing, and data portability, in accordance with the applicable legislation.

In addition, the Guideline defines the role of the Personal Data Protection Officer and the measures to be undertaken to ensure security within information systems and physical documentation.

By adopting this Guideline, KAA reaffirms its commitment to strengthening institutional accountability and to implementing high standards in the protection of personal data, with a view to enhancing legal certainty, transparency, and public trust.

KAA’s Guideline on Personal Data Protection will be published on the Agency’s official website once confirmation is received from the Agency for Information and Privacy that its content is in compliance with the Law on Personal Data Protection.