Data Protection in Slovenia

From GDPRhub
Data Protection in Slovenia
Data Protection Authority: IP (Slovenia)
National Implementation Law (Original): Zakon o varstvu osebnih podatkov (ZVOP)
English Translation of National Implementation Law: English Translation
Official Language(s): Slovenian
National Legislation Database(s): Link
English Legislation Database(s): n/a
National Decision Database(s): Link



You can help us fill this section!

National constitutional protections

The Slovenian Constitution of 1991 guarantees the protection of personal data at the constitutional level and within the framework of guaranteed human rights. This right is explicitly enshrined in Article 38.

National GDPR implementation law

In Slovenia the GDPR is not implemented by the national law. Slovenia remains the only EU country without the implementing act. While the law has not been implemented, the 2004 "Zakon o varstvu osebnih podatkov (ZVOP-1)" remains in force. Due to the lack of legislation, the Information Commissioner is completely without the power to impose fines and therefore has not been able to impose a single administrative fine since the adoption of the GDPR.


On April 30, the Ministry of Justice presented new version of the Slovenian Personal Data Protection Law (ZVOP-2). Current status: interdepartmental coordination.

Age of consent

Not defined, but theoretically: 15 years.

Freedom of Speech

You can help us fill this section!

Employment context

Data protection matters in the work context are regulated in Art. 46 “Zakon o dlovnih razmerjih (Employment Relationships Act, ZDR-1) and in “Zakon o evidencah na področju dela in socialne varnosti (Labour and Social Security Registers Act, ZEPDSV). The employee's consent to the processing of her/his personal data is strictly judged, with the employee being considered the weaker party to the contract, and the employer (controller) must therefore essentially prove that the employee's personal consent was in fact free.


You can help us fill this section!

Other relevant national provisions and laws

You can help us fill this section!

National ePrivacy Law

Slovenia has implemented the ePrivacy Directive in the Electronic Communications Act (“Zakon o elektronskih komunikacijah, ZEKom-1).

Cookies are regulated in Art. 157 ZEKom-1. It should be noted, cookies are not one of the priorities of the Slovenian Information Commissioner. Therefore, the majority of Slovenian websites are not compliant with i.e. the Planet 49 decision.

Spam is regulated in Art. 158 ZEKom-1.

Data Protection Authority

The Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec) is the national data protection authority for Slovenia.

→ Details see IP (Slovenia)

Judicial protection

Civil Courts

You can help us fill this section!

Administrative Courts

The decision of the Information Commissioner is final, but it can be challenged in the Administrative Court. The administrative dispute process is extremely slow and involves unnecessary bureaucratic steps that severely limit individual rights. Proceedings before an administrative tribunal can take up to 2 years.

Constitutional Court

You can help us fill this section!