Implementing the Provisions of the GPDR in Slovakia
Slovakia’s Act No. 18/2018 Coll. on Protection of Personal Data is a data privacy law that was passed in 2017 and went into effect the following year in 2018. Act No. 18/2018 Coll. on Protection of Personal Data was enacted for the purpose of implementing the provisions of the European Union’s General Data Protection Regulation or GDPR into Slovakian law, as Slovakia is a member state within the EU. To this point, Act No. 18/2018 Coll. on Protection of Personal Data sets out the legal guidelines that must be followed when collecting and processing personal data within the country of Slovakia, in conjunction with the provisions established in the EU’s GDPR law.
What are the variations between Act No. 18/2018 Coll. and the GDPR law?
The provisions set out in the EU’s GDPR law remain largely unchanged as it relates to Slovakia’s Act No. 18/2018 Coll. on Protection of Personal Data. However, one of the ways in which the two laws vary are the regulations concerning the collection and processing of special categories of personal data. Under Slovakia’s Act No. 18/2018 Coll. on Protection of Personal Data, the “processing of certain special categories of personal data (genetic, biometric data, and data relating to health) is lawful when it is envisaged by a specific law or an international treaty. This exemption from a general prohibition on the processing of special categories of personal data, as introduced in Article 9(1) of GDPR, will be relied upon, for instance, by insurance companies in connection with life insurance.”
Conversely, Slovakia’s Act No. 18/2018 Coll. on Protection of Personal Data also differs from the EU’s GDPR law as it pertains to the exceptions to the legal grounds upon which personal data may be collected and processed. Under the law, data controllers and processors within Slovakia may disregard the legal framework for the collection and processing of personal data under the following special situations:
- Processing personal data for archiving, scientific, or historical research or statistical purposes;
- Processing necessary to inform the public by mass media means;
- Disclosure of personal data of employees by their employers; and
- The personal data of data subject collected from another natural person.
What are the rights of Slovakian citizens under the Act?
The right of Slovakian citizens under Act No. 18/2018 Coll. on Protection of Personal Data are identical to the rights that are provided to data subjects under the EU’s GDPR law. These rights include:
- The right to be informed.
- The right to access.
- The right to rectification.
- The right to erasure.
- The right to object or opt-out.
- The right to data portability.
- The right not to be subject to automated decision-making.
- The right to restriction.
In terms of the penalties that data controllers and processors operating within Slovakia face should they fail to comply with the law, Act No. 18/2018 Coll. on Protection of Personal Data is enforced by the Office for Personal Data Protection of the Slovak Republic or the UOOU for short. As such, individuals and organizations that violate the provisions established by Act No. 18/2018 Coll. on Protection of Personal Data are subject to a number of penalties, which include but are not limited to:
- A penalty of up to €10 million ($11,432,500) for non-performance or breach of an obligation under the Act or the GDPR;
- A penalty of up to €20 million ($22,865,000) for non-performance or breach of any principle relating to the processing of personal data, non-performance or breach of any right of the data subject, non-performance or breach of any obligations related to transfer of personal data to third countries or international organizations, etc;
- A penalty of up to €2,000 ($2,287) for the failure to provide the required cooperation to the ÚOOÚ during supervision where the person concerned is neither a data controller nor a data processor; and
- A penalty of up to €2,000 ($2,287) imposed on a data controller or a processor if it fails to provide adequate conditions for the control, and a penalty of up to €10,000 ($11,435) if it obstructs the control process.
Through the passing of Slovakia’s Act No. 18/2018 Coll. on Protection of Personal Data and the subsequent implementation of the EU’s GDPR law, Slovakian citizens were provided with the legal means necessary to adequately and appropriately protect their personal data. Through the provisions of both laws, said citizens are entitled to several rights designed to ensure that their privacy is protected at the highest level. As such, the European Union continues to set an international standard as it concerns the protection of personal data and privacy, particularly within online spaces.