GIODO

The Office for Personal Data Protection, Slovak Republic

Contents:

Legal framework of personal data protection

Legal position of the office

Powers of the Office

Limitations of the Office

Contacts

1. Legal framework of personal data protection in the Slovak republic

Personal data protection in the legal system of the Slovak republic is an indivisible part of the protection of human rights. In this sense the above mentioned area is included in the Constitution of the Slovak republic of 1 September 1992 in the Second head - Basic human rights and freedoms, article 19 and 22.

The Constitution of the Slovak republic of 1 September 1992

Article 19

(1)	Everyone has the right to the preservation of his human dignity and personal honor, and the protection of his good name.
(2)	Everyone has the right to protection against unwarranted interference in his private and family life.
(3)	Everyone has the right to protection against the unwarranted collection, publication, or other illicit use of his personal data.

Article 22

(1)	The privacy of correspondence and secrecy of mailed messages and other written documents and the protection of personal data are guaranteed.

The area of personal data protection is regulated in the Slovak republic, in the line with the Directive of European parliament and the Council 95/46/EC, by Act No. 428/2002 Coll. on personal data protection that replaced the former Act No. 52/1998 Coll. on personal data protection in information systems. The act No. 428/2002 Coll. was passed by the Parliament of the Slovak republic 3 July 2002 and entered into effect 1September 2002. This act includes experience and knowledge from practice gained during three years of supervising personal data protection and also some more precisely formulated provisions of the Directive.

Except before mentioned law as a generally binding rule is the personal data protection regulated by further legal rules, for example by the Civil code (act no. 40/1964), Sections 11 to 16. Handling with personal data is also contained in the Criminal Code in Section 178 Unauthorized Disposal of Personal Data and in section 257a Damaging or Misusing Data Carrier Record.

Section 178 of Criminal Code (Act No. 140/1961 Coll., the Criminal Code, as amended)

Unauthorized Disposal of Personal Data

(1)	Whoever, even through negligence, communicates or allows access to data gathered in connnection with the performance of public administration shall be punished by imprisonment for a term of up to one year, or to prohibition of a specific activity or a pecuniary penalty.
(2)	A person who acquires data on another person in connection with his profession, employment or office and who, even through negligence, communicates the data to another person, or allows access to such data by another person, thus breaching a duty of confidentiality stipulated by law, shall be liable to a sentence under subsection (1).
(3)	An offender shall be punished by imprisonment for a term of two years, or to prohibition of specific activity or a pecuniary penalty, if:
(a)	by his act under subsection (1) or (2) he causes a serious detriment to the rights and justified interests of the person to whom such data relates;
(b)	he commits an act under subsection (1) or (2) through the press, radio, film or TV broadcasting or in another similarly effective manner;
(c)	he commits an act under subsection (1) by breaching duties arising from his profession, employment or office.

Section 257a

Damaging or Misusing Data Carrier Record

(1)	A person, who with intent to cause damage or some other detriment to another or obtain unjust benefit for himself or another person, gains access to a data carrier and:
	(a)	uses such data without authorization;
	(b)	destroys, damages or renders useless the data on such carrier; or
	(c)	interferes with the hardware or software of a particular computer, shall be punished by a term of imprisonment of from six months to three years, by prohibition of a specific activity, by a pecuniary penalty or forfeiture of a specific thing.
(2)	An offender shall be sentenced to a term of imprisonment of from one year to five years if:
	(a)	he commits an act under subsection (1) as a member of an organized group, or
	(b)	by such act he causes substantial damage or acquires substantial benefit for himself or another person.
(3)	An offender shall be sentenced to a term or imprisonment of from two years to eight years if, by an act under subsection (1), he causes large-scale damage or acquires a large-scale benefit for himself or another person.

Except domestic legislation also international documents are valid in this area which are binding for the Slovak republic. This preference of international treaties or legal binding documents of european communities and european union follows from article 7, paragraph 5 of the Constitution.

Article 7

(5)

International treaties on human rights and fundamental freedoms, international treaties whose executions does not require an act and international treaties which directly establish rights or obligations of natural persons or juridical persons and which were ratified and promulgated as required by law shall take precedence over the laws.

The Slovak republic in the recent period (during years 2001 and 2002) ratified in the area of personal data protection two important international documents

Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108), it entered into effect 1 January 2001,
Additional Protocol to the Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108) regarding supervisory authorities and transborder data flows.

2. Legal Position of the Office

In the line with the European law the supervision over the protection of personal data in the Slovak republic has been performed since 1 March 1998. From the year 1998 till 1 September 2002 was state supervision carried out by the Commisioner for personal data protection. On 1 September 2002 the Office for personal data protection was established by the act no. 428/2002 Coll. on the personal data protection. The Office is a body of the state administration with the nationwide competence, its site is in Bratislava.

Personnel of the office is formed by the president, vice-president, chief-inspector and inspectors, other employees of the office.

the office is headed by the vice-president. the parliament of the slovak republic elects and recall the president of the office. The term of the office of the president is five years and the president may be elected for not more than two consecutive terms. Only a citizen who could be elected member of the parliament, who is a person of integrity, who has university education, at least 10 years practice in information sciences or law and is at least 35 years of age can be elected president of the office. The president of the office can neither be a member of a political party nor of a political movement.

The President of the office shall be accountable for his activity to the Parliament of the Slovak Republic. The Parliament of the Slovak Republic may lift the confidentiality obligation of the President of the Office for a concrete case. During his term the President of the Office is entitled to learn classified information under separate regulation.

The Vice-president of the office deputizes for the President of the Office during his absence. The Government of the Slovak Republic appoints and recalls the Vice-president of the Office upon a proposal by the President of the Office. The President of the Office may lift the confidentiality obligation of the Vice-president of the Office for a concrete case.

Chief inspector manages the activities of inspectors. Inspectors carry out inspection tasks and they shall have substantive competence to fulfil the tasks of the Office.

The Government of the Slovak Republic appoints and recalls the inspectors upon a proposal by the President of the Office. Only a citizen who could be elected member of the Parliament of the Slovak Republic, who is a person of integrity, who has university education, at least 3 years of practice in information sciences or law and is at least 30 years of age can be appointed inspector. The Government of the Slovak Republic appoints and recalls the chief inspector from the ranks of inspectors who have a professional experience of at least five years and the age of at least 35 years upon a proposal by the President of the Office.

The term of the office of the chief inspector is five years and he may be repeatedly appointed.

3. Powers of the Office

The office as a state administration body has a stake in the protection of fundamental rights and freedoms of natural persons as to processing their personal data. It carries out its tasks and obligations in accordance with the law. The Office especially performs these tasks:

in case of doubts the Office issues a binding opinion,
it continuously monitors the situation in personal data protection, information systems registration and keeping records on information systems,
recommends the controllers of information systems measures for the protection of personal data in information systems,
in case of doubts whether the extent, content and manner of processing or use of processed personal data are in compliance with the purpose of their processing, compatible with the purpose of processing or whether they are obsolete with respect to time and substance of this purpose,
in case of doubts on transborder flow of personal data,
in case of doubts on the registration of the information system,
receives and handles complaints concerning violations of personal data protection,
inspects processing of personal data in information systems
imposes sanctions when detecting violations of duties specified in this Act,
informs criminal justice agencies of suspicion of crime,
registers information systems and assuring access to registration situation,
participates in the drafting of generally binding regulations in the area of personal data protection,
issues generally binding regulations in the scope of its competence,
presents opinions on draft laws and drafts of other generally binding regulations that regulate processing of personal data,

The chief inspector and other inspectors as well as the President of the Office and Vice-president of the Office are entitled to

enter controller's and processor's premises, buildings or rooms of operations and facilities,
require that the controller, processor and their employees submit, within a given deadline, documents, other written materials, statements and information, data processed on memory media including technical data carriers, statements and software source codes, when they own these materials and also other materials needed for inspection, originals and/or and in justified cases to enable taking of copies also outside the premises of the controlled person,
require full and true oral and written information, statements and explanations to inspected and related facts and linked deficiencies from the controlled person within a reasonable time limit,
require concurrence of the controlled person.

4. Limits of the Office

If personal data are processed by intelligence services, supervision over the protection of personal data is carried out by the Parliament.

5. Contact

The Office for Personal Data Protection

Odborrske nm 3
Bratislava 817 60
Slovak republic

Phone:	+421 2 5023 9426
Fax:	+421 2 5023 9441
e-mail:	statny.dozor@pdp.gov.sk
web sites:	www.dataprotection.gov.sk

The administrator of this web site is:
Inspector General for the Protection of Personal Data
ul. Stawki 2; PL-00-193 Warszawa
Phone: +48 (22) 531 03 00, Fax: +48 (22) 531 03 01, e-mail: kancelaria@giodo.gov.pl