Control Plan for 2023

I. Schengen and European information systems and agencies

The first part of the control plan is aimed at identifying the state of processing of personal data in information systems, which are used to ensure the practical implementation of the Schengen and European acquis on the territory of the Slovak Republic and in the premises of representative offices of the Slovak Republic. Controls mainly consist of ongoing, continuous monitoring of the ability of state administration bodies to ensure safe and legal processing of personal data in specific information systems used primarily for the internal protection of the Schengen area and the European Union area (e.g. N.SIS II), or for administrative cooperation (IMI).

Ministry of Foreign Affairs and European Affairs of the Slovak Republic

1. National part of the Visa Information System - representative office

Processing activities of the consular workplace of the selected representative office of the Slovak Republic in the national part of the visa information system (N.VIS) related to the issuance of Schengen visas according to Regulation of the European Parliament and the Council (EC) no. 767/2008 of July 9, 2008 on the visa information system (VIS) and the exchange of data on short-term visas between member states (VIS regulation), as well as according to Regulation of the European Parliament and of the Council (EC) no. 810/2009 of 13 July 2009 establishing the Community Visa Code (Visa Code). Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 1

Ministry of the Interior of the Slovak Republic

2. National part of the Schengen Information System

Processing activities in the national part of the Schengen Information System of the second generation (N.SIS II) within the framework of fulfilling the tasks of the Police Force of the Slovak Republic for the purposes of Regulation of the European Parliament and the Council (EC) No. 1987/2006 of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System, on the basis of which data on third-country nationals are processed in connection with refusal of entry or stay, as well as in accordance with Council Decision 2007/533/JHA of June 12, 2007 on the establishment, operation and use of the second generation Schengen Information System, according to which data on persons and objects in N.SIS II are processed for the purposes of discreet surveillance or targeted checks (selected alien police department and selected police department). Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 2

3. National part of the Visa Information System

Processing activities of the selected department of the foreign police in the national part of the visa information system (N VIS) within the framework of fulfilling the tasks of the Police Force of the Slovak Republic for purposes according to the Regulation of the European Parliament and the Council (EC) no. 767/2008 of 9 July 2008 on the Visa Information System (VIS) and the exchange of data on short-term visas between Member States (the VIS Regulation), according to Council Decision 2008/633/JHA of 23 June 2008 on making the Visa Information System (VIS) available ) for inspection by designated authorities of the Member States and Europol for the purposes of preventing terrorist crimes and other serious crimes, their detection and investigation, as well as pursuant to Regulation of the European Parliament and the Council (EC) No. 810/2009 of 13 July 2009 establishing the Community Visa Code (Visa Code). Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 1

4. Automated European fingerprint identification system - Eurodac

Processing activities of the national access point of the Eurodac information system carried out according to Regulation of the European Parliament and the Council No. 603/2013 of June 26, 2013 on the establishment of the Eurodac fingerprint comparison system for the effective application of Regulation (EU) No. 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for assessing an application for international protection submitted by a third-country national or a stateless person in one of the Member States, and on requests from Member States' law enforcement authorities and Europol for comparison with data in the Eurodac system for law enforcement purposes and on the amendment of Regulation (EU) No. 1077/2011 establishing the European Agency for the operational management of large-scale information systems in the area of freedom, security and justice (revised text), as well as under the Regulation of the European Parliament and Council No. 604/2013 of June 26, 2013, establishing the criteria and mechanisms for determining the Member State responsible for assessing an application for international protection submitted by a third-country national or a stateless person in one of the Member States (revised wording). Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 1

5. Liaison Office of the Slovak Republic (Europol)

Processing activities of the Liaison Office of the Slovak Republic in The Hague pursuant to Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol), which replaces and repeals Council Decisions 2009/371/ JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA. Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 1

Ministry of Economy of the Slovak Republic

6. Internal Market Information System (IMI)

Processing activities of the Ministry of Economy of the Slovak Republic according to Regulation of the European Parliament and the Council (EU) No. 1024/2012 of 25 October 2012 on administrative cooperation through the Internal Market Information System and repealing Commission Decision 2008/49/EC ("IMI Regulation"). Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 1

Criminal Financial Administration Office

7. National part of the Schengen Information System

Processing activities in the national part of the Schengen Information System of the second generation (N.SIS II) within the framework of fulfilling the tasks of the Criminal Financial Administration Office for the purposes of the Regulation of the European Parliament and the Council (EC) No. 1987/2006 of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System, on the basis of which data on third-country nationals are processed in connection with refusal of entry or stay, as well as in accordance with Council Decision 2007/533/JHA of June 12, 2007 on the establishment, operation and use of the second generation Schengen Information System, according to which data on persons and objects in N.SIS II are processed for the purposes of discreet surveillance or targeted checks. Compliance of the processing of personal data of the persons concerned with the principles of personal data processing and the conditions of legal processing with an emphasis on the rights of the persons concerned and the security of personal data.

Number of checks: 1

II. Processing activities

The second part of the control plan is focused on the compliance of personal data processing with the requirements of the General Data Protection Regulation and the Personal Data Protection Act and reflects the risks associated with specific processing activities or the use of new technologies and procedures, especially with processes capable of significantly interfering with rights and protected interests of affected persons.

8. Processing activities of local self-government bodies

Number of checks: 3

9. Processing activities of public passenger transport carriers

Number of checks: 2

10. Processing activities of employers in the field of personnel and payroll

Number of checks: 2

The expected focus of the controls listed in points 8 to 10: Compliance of the processing of personal data of affected persons with the requirements of the General Data Protection Regulation and the Personal Data Protection Act: principles of processing, legality of processing, conditions for expressing consent, processing of special categories of personal data, rights of the affected person, joint operators, intermediary, processing on the basis of authorization of the operator or intermediary, security of personal data, assessment of the impact on data protection, responsible person.