Support Centre

Slovenia

Summary

Law: Personal Data Protection Act 2022 (only available in Slovenian here) (ZVOP-2)

Regulator: Information Commissioner (the Commissioner)

Summary: Slovenia was the last EU Member State to implement the GDPR, with the Personal Data Protection Act 2022 (only available in Slovenia here) (ZVOP-2) entering into force on January 26, 2023, thereby replacing the Personal Data Protection Act 2004.

ZVOP-2 introduces provisions regarding the processing of personal data in relation to special category data, biometric data, personal data processed for marketing purposes, alongside traceability logs for controllers processing large amounts of sensitive personal data.

The Information Commissioner is an active regulator that has published several guidelines on various topics, including cookies, website privacy policies, data protection officer appointment, and data transfers.

Insights

Article 37 of the General Data Protection Regulation (GDPR) obliges data controllers and processors to designate a data protection officer (DPO). As part of this obligation, data controllers and processors are also required to publish the contact details of the DPO and to communicate the DPO's contact details to relevant supervisory authorities. In part one of this Insight series, OneTrust DataGuidance focuses on the requirement to communicate DPO contact details to the relevant supervisory authorities, providing an overview of the rules and guidelines for DPO contact registration across Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.

In November 2022, the new Electronic Communications Act ('ZEKom-2') entered into force, derogating and replacing the previous homonymous act. The ZEKom-2 implements Directive (EU) 2018/1972 of the European parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code ('the Directive') in the legal order of the Republic of Slovenia. Kevin Rihtar, Partner at Karanović & Partners, discusses the main provisions of the ZEKom-2, including in relation to direct marketing.

The last Member State to adapt its national data protection framework to the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), Slovenia adopted, in December 2022, the Data Protection Act 2022 ('ZVOP-2')1, which entered into force on 26 January 2023, thus repealing the Data Protection Act 2004 ('ZVOP-1')2. In this Insight article, OneTrust DataGuidance Research brings you up to speed with the changes brought about by the ZVOP-2.