Activities of the Office

Printer-friendly versionPrinter-friendly versionPDF verziaPDF verzia

Activities and competencies under the PDP Act

 

The Office, as a state authority, executes supervision of personal data protection independently and it shall participate in protection of the fundamental rights and freedoms of natural persons in the processing of personal data. To make the Office substantively competent to exercise the supervision over the processing of personal data following condition have to be concurrently fulfilled

  • it regards personal data of natural (not legal) person and
  • Personal data are systematically processed by fully or partially automated means of processing or by other than automated means of processing, which constitute a part of a filing system or are intended for processing in a filing system.

Scope of the PDP Act is not limited by the territory of the Slovak Republic. The Office exercises supervision over the controllers which do not have their registered office or permanent residence on the territory of

  • the Slovak Republic but are located abroad at a place where the laws of the Slovak Republic take precedence based on an international public law,
  • Member State of the European Union provided that for the purposes of personal data processing they use fully or partially automated means or other than automated means of processing located on the territory of the Slovak Republic.

Jurisdiction of the Office as the Supervisory Authority does not apply to the cases when

  • personal data are processing by intelligence services,
  • it relates to disputes arising from contractual or pre-contractual relations of controllers or processors and data subjects or other natural or legal persons, the hearing or deciding of which is subject to the respective courts or other authorities pursuant to special acts or
  • it relates to processing of personal data by natural person within the exclusive framework of private or household purposes or the personal data have been obtained accidentally without prior determination of the purpose and means of processing, without the intent of their further processing in an organized system.

Scope of power of the Office pursuant to the PDP Act consists of:


General tasks of the Office

  • inspects continuously the state of protection of personal data, registration of filing systems and keeping of records concerning the filing systems
  • ensures access to the status of the registration of information systems
  • keeps a register of personal data protection officials
  • submits to the National Council of the Slovak Republic a report on the state of protection of personal data at least once in two years
  • submit a notification to the law enforcement agencies in the case of a suspicion that an offence was committed

Legislative activities of the Office

  • participates in drafting of generally binding legal regulations in the field of personal data protection
  • issues generally binding legal regulations within the scope of its power
  • gives opinions on draft laws and other generally binding legal regulations, which regulate processing of personal data
  • recommends to controllers the measures for ensuring protection of personal data in the filing systems; for this purpose it shall issue recommendations for controllers within the scope of its power
  • issues a binding decision in the case of doubts whether the extent, contents and the manner of processing and use of the processed personal data are adequate to the purpose of their processing, are compatible with the respective purpose of the processing or whether they are not up-to-date as regards to the time and subject-matter in respect of this purpose
  • issues a binding decision in the case of doubts about the trans-border personal data flow
  • issues a binding decision in the case of doubts about registration of an filing system
  • when determining that an act, other generally binding legal regulation or an internal regulation issued by the controller violates the fundamental rights and freedoms of natural persons in the processing of their personal data files the Office gives rise for its amendment or cancellation to the respective authority.

Inspection Activities

  • controls the processing of personal data in the filing systems
  • summons the controllers or processors in order to give an explanation for the alleged infringement of the obligations imposed by law
  • investigates notifications and petitions of legal and natural persons (hereinafter the "notification") concerning suspicion of a breach of the obligations or conditions stipulated by the law
  • issues measures to correct the revealed deficiencies

Decision making activity

  • imposes fines for breaching of the obligations or conditions stipulated by the law
  • executes registration and special registration of filing systems
  • decides on objections to bias and notification of bias
  • decides on objections to an order or objections against remonstrance
  • imposes on the controller or the processor an obligation to make public the  characteristics of the facts of the case concerning the breach of protection of personal data

Activities of the Office towards Foreign

  • fulfils an obligation to notify the European Commission in the field of personal data protection
  • takes measures in order to execute the decisions of the European Commission issued in the field of the personal data protection
  • cooperates with other PDP authorities in foreign countries
Category: 
Desktop version
2018 Office for Personal Data Protection of the Slovak Republic