|Phone:||+386 1 230 9730|
|Translated Decisions:||Category:IP (Slovenia)|
|Head Count:||ca. 40-50|
|Budget:||1.8 million euros (2018), ca. 2.4 million euros (2020)|
The Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec) is the national Data Protection Authority for Slovenia. It resides in Ljubljana and is in charge of enforcing GDPR in Slovenia.
The Information Commissioner is an autonomous and independent body and it oversees personal data protection and access to public information in Slovenia. In the field of data protection, it has competencies under the GDPR as well as under the Slovenian Personal Data Protection Act, the Electronic Communications Act, the Act on Patient’s Rights, Passports Act, Identity Card Act, Banking Act, Consumer Credit Act, Decree on unmanned aircraft systems, Decree on the implementation of the Regulation (EU) on the Citizens’ Initiative and the Convention implementing the Schengen Agreement
The body consists of four internal organisational units: (1) the cabinet of the Information Commissioner, (2) the Sector for public information, (3) the Sector for protection of personal data, and (4) the administrative-technical service. Opinions are signed by the Information Commissioner and, where applicable, by a staff member, who prepared the opinion. Decisions in inspection procedures include information on the staff member, who issued the decision on the Information Commissioner’s behalf (with data being anonymsed in the online published versions).
Applicable Procedural Law
The inspection procedure of the Information Commissioner is regulated by the GDPR, Personal Data Protection Act (Zakon o varstvu osebnih podatkov (ZVOP-1)), Information Commissioner Act (Zakon o Informacijskem pooblaščencu (ZInfP)), Inspection Act (Zakon o inšpekcijskem nadzoru (ZIN)), and General Administrative Procedure Act (Zakon o splošnem upravnem postopku (ZUP)). For procedural matters not regulated in the Inspection Act, the General Administrative Procedure Act applies.
There is no procedural law in place that would regulate the issuing of administrative fines under the GDPR, as the new Personal Data Protection Act (Zakon o varstvu osebnih podatkov (ZVOP-2), which should ensure the full implementation of the GDPR in Slovenia, still hasn’t been adopted. Therefore, the Information Commissioner can conduct the offences procedure (prekrškovni postopek) only in case of breaches of the few articles in the current Personal Data Protection Act (Zakon o varstvu osebnih podatkov (ZVOP-1)) which are still in force after the GDPR’s entrance into force.
Complaints Procedure under Art 77 GDPR
For complaints of data subjects with a supervisory authority (Article 77 of the GDPR), the procedural rules of the General Administrative Procedure Act (Zakon o splošnem upravnem postopku (ZUP)) apply.
Ex Officio Procedures under Art 57 GDPR
You can help us filling this section!
Appeals against decisions in inspection procedures can be lodged with the Administrative Court.
An individual can report a breach of the GDPR to the Information Commissioner, which then conducts an ex-officio inspection procedure based on the Slovenian Inspection Act. More information, including a recommended form for reporting (in English), is available on the Information Commissioner's website.
In 2018, the Information Commissioner conducted 1.029 inspection procedures on suspected infringements of the Personal Data Protection Act (ZVOP-1) and the GDPR, and issued 2.192 written and 3.230 oral opinions on data protection issues.
- Letno poročilo Infromacijskega pooblaščenca za leto 2018 (Annual Report of the Information Commissioner for 2018), available at: https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/Letno_porocilo_2018_FINAL.pdf, introduction, pp. 70, 120.
- Letno poročilo Infromacijskega pooblaščenca za leto 2018 (Annual Report of the Information Commissioner for 2018), available at: https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/Letno_porocilo_2018_FINAL.pdf, introduction, pp. 63, 94.
|EU/EEA Data Protection Authorities|
|Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden|
|Iceland · Liechtenstein · Norway||EDPS · EDPB|
|Non-EU/EEA Data Protection Authorities|