Slovakia

CHART INSTRUCTIONS:

 Local law does not deviate from the GDPR.

 Local law deviates from the GDPR.

Zákon o ochrane osobných údajov a o zmene a doplnení niektorých zákonov

Status: Adopted

LAWFULNESS OF PROCESSING (ART 6)

No Deviation

CHILD'S CONSENT (ART 8)

No Deviation

SENSITIVE DATA (GENETIC, BIOMETRIC AND HEALTH DATA) (ART 9 (4))

VARYING/ADDITIONAL REQUIREMENT: Consent to process sensitive data is void if its exclusion precludes a separate regulation. Processing is also permitted when (1) necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or the data subject in the area of labor law, social law insurance, social protection, or public health insurance; and (2) necessary for the purpose of social insurance, social security for police and soldiers, and providing specific social benefits (§ 16 Slovakian Act) (Art 9 GDPR).

CRIMINAL CONVICTIONS/SECURITY MEASURES (ART 10)

No Deviation

AUTOMATED INDIVIDUAL DECISION-MAKING (ART 22)

No Deviation

RESTRICTIONS TO DATA SUBJECT'S RIGHTS (ART 23)

ADDITIONAL REQUIREMENT: Rights of data subjects may be restricted if the restriction is established to ensure Slovak public policy or economic mobilization (§ 30 Slovakian Act) (Art 23 GDPR).

JOINT CONTROLLER RESPONSIBILITIES (ART 26 (1))

No Deviation

AD HOC NOTIFICATIONS - RECORDS OF PROCESSING ACTIVITIES (ART 30)

No Deviation

SECURITY OF PROCESSING (ART 32)

No Deviation

DATA BREACH (ART 33 & 34)

No Deviation

DATA PROTECTION OFFICER (ART 37(4))

No Deviation

DATA TRANSFER DEROGATIONS (ART 49(5))

No Deviation

POWERS SUPERVISORY AUTHORITIES (ART 58)

ADDITIONAL REQUIREMENT: The DPA is authorized to invite the controller or processor to submit an explanation of suspected breaches of the Act, special regulation, or international law. The subject of the DPA’s supervision does not include contractual disputes between the controller/processor and another person if the court and other bodies are competent to hear and decide the dispute. The DPA may also charge an appropriate fee for administrative costs or refuse to act on an application if it is manifestly unfounded, inappropriate, or repetitive (§ 80 Slovakian Act) (Art 58 GDPR).

CLASS ACTIONS (ART 80 (2))

No Deviation

ADMINISTRATIVE SANCTIONS (ART 83)

ADDITIONAL REQUIREMENT: The Slovakian Act empowers the DPA to impose a fine of up to €2,000 on persons who are not the controller or processor for failure to cooperate with the DPA. The DPA may also fine the controller or processor if it fails to ensure adequate conditions for the exercise of DPA controls under Article 94 of the Slovakian Act (§§ 104–106 Slovakian Act) (Art 83 GDPR).

PENALTIES (ART 84)

No Deviation

HR PROCESSING (ART 88)

No Deviation

PROCESSING FOR ARCHIVING, SCIENTIFIC, HISTORICAL RESEARCH OR STATISTICAL PURPOSES (ART 89)

No Deviation

OBLIGATIONS OF SECRECY (ART 90)

SPECIFYING REQUIREMENT: The Slovakian Act requires controllers and processors to maintain the confidentiality of personal data even after the processing of that data has ended or after an employment relationship is terminated. This obligation does not apply if it is necessary to perform tasks required for judicial or law enforcement proceedings under Slovakian law (§ 79 Slovakian Act) (Art 90 GDPR).

LOCAL DPA GUIDANCE & LEGAL SOURCES