Privacy Laws

Slovenia's data protection in comparison to the GDPR

The flag of Slovenia with a blue sky and mountains in the background. — © Blaž TOMAŽ VERTAČNIK / stock.adobe.com | #448406461

General overview

Slovenia has modernized its data protection landscape with the introduction of the Personal Data Protection Act 2022 (ZVOP-2), effective from January 16, 2023. This act aligns Slovenia with the GDPR and replaces the previous Personal Data Protection Act of 2004. The Information Commissioner is designated as the supervisory authority for data protection in the country.

GDPR opening clauses

The ZVOP-2 serves as the primary legislative tool for implementing the GDPR in Slovenia. It complements the GDPR in areas where Member States have the discretion to legislate. The act also covers the processing of personal data in both the public and private sectors.

Key differences and national specifics

Compliance steps for Swiss businesses

Constitutional backing: Slovenia's Constitution, under Article 38, guarantees the right to data privacy, equating it with other fundamental rights like freedom of expression.
Additional rights: The ZVOP-2 goes beyond the GDPR by governing the processing of personal data of deceased individuals.
Criminal Offences Act: This act focuses on data related to criminal offences and designates the Information Commissioner as the supervisory authority for such data.
Sector-specific laws: Slovenia has various other laws that govern data collection and processing in specific sectors, such as healthcare and telecommunications.

Guidelines

The Information Commissioner actively issues various guidelines and handbooks to assist in the practical application of data protection laws. These guidelines cover a range of topics, from video surveillance to data protection in employment relationships.

Conclusion

Slovenia has taken comprehensive steps to align its national laws with the GDPR, while also addressing specific national concerns. The active role of the Information Commissioner in issuing guidelines demonstrates Slovenia's commitment to ensuring robust data protection.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed