Activities of the office
Status of the Office
The Office is a state administration body with national jurisdiction over the territory of the Slovak Republic, that participates in the protection of the fundamental rights of natural persons in relation to processing of personal data executes data protection supervision, including the supervision of the protection of personal data by the competent authorities for performance of the task for the purposes of criminal proceedings The Office, when exercising its jurisdiction, acts independently and is governed by Constitution of the Slovak Republic, constitutional act, acts, other generally binding legal regulations and international treaties binding upon the Slovak Republic. The headquarter of the Office is Bratislava. The organisational details shall be regulated by the Organisational Structure of the Office issued by president of the Office.
Tasks of the Office
The Office
- monitors the implementation of this Act,
- comments on drafts of Acts and drafts of generally binding regulations governing the processing of personal data,
- provides consultation in the area of the protection of personal data,
- provides methodological guidelines on personal data processing to controllers and processors,
- promote public awareness, in particular on risks and rights in relation to processing of personal data,
- promote the awareness of controllers and processors on their obligations under this Act,
- upon request, provides information to any data subject concerning the exercise of their rights under this Act and cooperates with supervisory authorities of other Member States for this purpose,
- in the exercise of supervision over the protection of personal data, it verifies the lawfulness of processing of personal data by the competent authorities in exercising rights by a data subject pursuant to section 63 paragraph 5 and informs the data subject about the results of the verification within 30 days of the date of submission of the request for verification, or of the reasons why the verification was not carried out, and of the possibility to exercise the data subject’s right to lodge a complaint to initiate proceedings pursuant to section 100 and for other type of legal protection pursuant to specific regulation,
- monitors development, in particular the development of information and communication technologies and commercial practices if they have any impact on the protection of personal data,
- cooperates with the European Data Protection Board in the area of personal data protection,
- submits to the National Council of Slovak Republic a report on state of protection of personal data at least once a year; the report on the state of personal data protection is published by the Office on its website and provides it to the European Data Protection Board and to the Commission,
- cooperates with supervisory authorities of other member states, including the exchange of information, and provides them with mutual assistance in order to ensure a common approach to the protection of personal data under this Act and the special regulation.
Authorisations of the Office
For performance of the task, the Office is authorised
- to order the controller and processor, or representative of controller or processor if so authorised, to provide information essential for performance of its tasks,
- to obtain from the controller and the processor access to personal data and information that are necessary for performance of its tasks; the provision of secrecy pursuant to special regulations remain unaffected,
- to enter the premises of a controller and processor, as well as any equipment and means for processing personal data, to the extent necessary for the performance of his tasks, unless permission is required under a special regulation,
- to issue warnings to a controller or processor that intended processing operations are likely to infringe provisions adopted pursuant to this Act or special regulations,
- to impose measures for liability, a fine pursuant to section 104 or administrative fine pursuant to section 105 if the controller, processor, monitoring body or certification body infringes the provisions of this Act or special regulations,
- to order the controller or the processor to comply with the data subject's requests to exercise his or her rights pursuant to this Act or special regulations,
- to order the controller or processor to bring processing operations into compliance in a specified manner and within a specified period with the provisions of this Act or special regulations,
- to order the controller to communicate a personal data breach to the data subject,
- to impose a temporary restriction or definitive restriction of personal data processing,
- to ask the controller or processor to give an explanation in case of suspicion of an infringement of obligation under this Act, a special regulation or international treaty binding upon by the Slovak Republic,
- to recommend the controller or processor adopt measures for ensuring protection of personal data in the filing systems,
- to order the suspension of data flows to a recipient in a third country or an international organisation.
The Office is not authorised to act in these cases:
- the subject of supervision over the protection of personal data is not disputes arising from contractual relations or pre-contractual relations between the controller or the processor and the data subject or other persons whose courts and other bodies are competent to hear and decide under special regulations.
- where personal data are processed by the courts when acting in their judicial capacity, personal data protection supervision is exercised by the Ministry of Justice of the Slovak Republic pursuant to sections 90 to 98.
- where personal data are processed by the National Security Authority pursuant to a special regulation, supervision pursuant to sections 90 to 98 is exercised by the National Council of Slovak Republic pursuant to a special regulation.