Introduction to the Slovak data protection law regime

The Slovak Republic is a Member-State of the European Union, and logically it is bound by the provisions of General Data Protection Regulation 2016/679 (hereafter referred as GDPR). With regard to that act, Slovakia adopted the Slovak Data Protection Act (Act No. 18/2018 Coll., hereinafter referred to as the Data Protection Act) in order to protect personal data, as well as to amend and supplement certain other national legal acts.

The Data Protection Act entered into force on 25 May 2018 and brought a certain number of changes to the national data protection law regime that existed before. For the record, at the present time the Data Protection Office of the Slovak Republic is the supervisory authority that is responsible for overseeing the Data Protection Act and the GDPR within the country.

To begin with, it has to be said that under the Data Protection Act a Controller has a possibility to process personal data without a Data Subject’sconsent in case when the processing is necessary for the purposes of academic, artistic or literary expression, or whereas the processing is essential for the purpose of informing the community by means of the mass media.

Furthermore, a Data Subject’s employer has a right to provide the personal data of an employee in circumstances where it is necessary for the fulfilment of the administrative and organizational duties. It comprises the employee’s title, name, surname, job, service position, administrative position, department, place of work, all contact details including address, telephone and/or fax number, work e-mail address and identification data of the employer. Such publishing of personal data cannot violate the respect, dignity and safety of the Data Subject.

Among other things, Controllers and Processors should implement suitable technical and organizational measures in order to ensure a level of security. Pursuant thereto, the Data Protection Office of the Slovak Republic issued Decree No. 158/2018 Coll. on Data Protection Impact Assessment Procedure as of 29 May 2018.

With regard to child’s consent in relation to online services, Slovakia did not change the logic of GDPR and now a valid consent remains at 16 years old.

Under the Data Protection Act, there is a possibility to process sensitive personal data as long as a special act or international treaty which is binding on the Slovak Republic is applicable. Thereunder, the adopted act gives the processor the possibility to process genetic, biometric and health data on the legal basis with the aim of providing healthcare in compliance with special laws. However, the new legislation does not identify any additional rules for the processing information about criminal offences.

It is important to note that under the Data Protection Act there is no define obligation on a Controller to provide Data Subject with a privacy notice on how individual’s personal data is processed in Slovak. Nevertheless, it prescribe that given information should be provided in a comprehensible form within clear and simple terms. Consequently, it should be in a language the Data Subject speaks.

Considering the criminal liability for violations in the fields of personal data protection, the national legislator in Slovakia imposed a term of imprisonment of up to one year if a person (without lawful authority) communicates, makes accessible or discloses personal data of another person:

  • obtained in connection with the execution of public administration or with the exercise of constitutional rights of a citizen; or
  • obtained in connection with the execution of his own profession, employment or function, and thus breaches his own obligation prescribed by a generally binding legal regulation.

In particular circumstances, the above mentioned term of imprisonment can be increased up to 2 years. Lastly, whereas the personal data is being processed for direct marketing purposes, the Data Subject has a right to object. That possibility is presented by GDPR and shall be, inter alia, governed by Act No. 351/2011 Coll. on Electronic Communications.

Questions regarding Slovakian business or data protection law? We are happy to assist you with our partners:

Diana Oravcová attorney at law

Adriena Petrová attorney at law