The Office for Personal Data Protection, Slovenia Republic
- Legal grounds for the protection of personal data in the national legislation
- The status and the legal position of national DPA
- The legal rights and the limitations of the national DPA
- Contact information
1) Legal grounds for the protection of personal data in the national legislation:
(Protection of Personal Data)
The protection of personal data shall be guaranteed. The use of personal data contrary to the purpose for which it was collected is prohibited.
The collection, processing, designated use, supervision, and protection of the confidentiality of personal data shall be provided by law.
Everyone has the right of access to the collected personal data that relates to him and the right to judicial protection in the event of any abuse of such data.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Personal Data Protection Act (Official Gazette RS No 94/07) (amendments to Personal Data Protection Act are currently in the legislative procedure)
2) The status and the legal position of national DPA:
Information Commissioner is an autonomous and independent body, established on 31. December 2005 with the Information Commissioner Act (ZInfP). The body supervises both the protection of personal data, as well as access to public information.
Competencies of the Information Commissioner based on the Information Commissioner Act are:
- deciding on the appeals against the decisions by which another body has refused or dismissed the applicant’s request for access, or violated the right to access or re-use public information; in the context of appellate proceeding the Information Commissioner is also responsible for supervising the implementation of the Act governing access to public information and regulations adopted within the framework of appellate proceedings;
- exercising inspection supervision of the implementation of act and other regulations which regulate processing and protection of personal data and transfer of personal data from Republic of Slovenia;
- exercises other tasks defined by these provisions;
- deciding as appellate body on individuals' complaints when controller of personal data refuses his request for access to data relating to him or request for extract, list, examination, confirmation, information, explanation, transcript or copy in accordance with provisions of the act governing personal data protection;
- as offence body the Information Commissioner supervises implementation of Information Commissioner Act, Access to Public Information Act in the context of Appellate proceeding and Personal data protection Act (Art. 2 of Information Commissioner Act and Art. 32 of Access to Public Information Act).
3) The legal rights and the limitations of the national DPA:
Competencies of the Information Commissioner under the Personal Data Protection Act, are:
Limitations (article 7 of PDPA):
- performing supervision over the implementation of the provisions of Personal data protection Act (PDPA),
- issuing supervision measures based on Art. 54 of PDPA (prohibition to process personal data, anonymization, blocking, erasing or destroying personal data, when established that the data is not processed according to the law,
- performing preventive supervision with personal data controllers in public and private sectors;
- performing procedures with regard to violations in the field of personal data protection (expedient procedure);deciding on an individual's complaint with regard to processing of personal data based on Art. 9(4) and Art. 10(3) of PDPA;
- issuing and publishing preliminary opinions to state bodies and public powers holders on harmonizing the provisions of proposals of legislation with Acts and other legislation governing personal data;
- issuing and publishing non-obligatory opinions on conformity of professional ethics codes, general conditions of business or the proposals thereof, with regulations in the field of personal data protection;
- preparing, issuing and publishing non-obligatory recommendations and instructions with regard to personal data protection in a particular field;
- deciding on the appeal of an individual when the data controller refuses his request for access to data relating to him or request for extract, list, examination, confirmation, information, explanation, transcript or copy in accordance with provisions of the Act governing personal data protection (competency established in the Information Commissioner Act).
- This Act shall not apply to the processing of personal data performed by individuals exclusively for personal use, family life or for other domestic needs.
4) Contact information:
of the Republic of Slovenia
Dunajska cesta 22