Albania's personal data protection law: A legal framework harmonized with the GDPR

As Albania moves to join the European Union, it is taking significant steps to bring its laws as close as possible to those of EU member states. These efforts aim to address numerous legal gaps in several areas, which, until recently, lacked regulation consistent with the European context.

Albania is currently recognized as a candidate country for EU membership and is in negotiations to join the EU, which includes aligning Albanian laws with EU standards. Law No. 124/2024 on personal data protection, which passed in December 2024 and entered into force in February 2025, is important in the harmonization process as it significantly changes the national legal framework.

The law repeals the Law on the Protection of Personal Data, Law No. 9887/2008, and continues the process of harmonization with EU law. The official text states the new legislation is "fully aligned" with the EU General Data Protection Regulation and Law Enforcement Directive.

While there are certainly similarities between Albania's law and the GDPR, Law No. 124/2024 does slightly differentiate itself from the EU regulation.

From scope to sanctions: Albania's approach to EU data protection standards

Albania's law mirrors the GDPR in terms of objective, purpose and definitions.

When it comes to material and territorial scope, Albania has fully embraced the same criteria used by the EU. In practice, this means the law applies to data controllers and processors established in the country, regardless of whether their processing takes place in Albania.