Procedure of controller in the course of personal data processing

Printer-friendly versionPrinter-friendly versionPDF verziaPDF verzia

Personal data may be processed only by the controller or the processor. Personal data may be processed only in the manner pursuant to this Act and within its borders thus causing no harm to fundamental rights and freedoms of data subjects, mainly to their right to preserve human dignity or other unjustified interference to their right of privacy.

 

What are the requirements in the course of personal data processing?

Personal data may be processed solely by the controller. To maintain personal data protection the controller is obliged mainly to abide obligations set by the PDP Act. In the course of personal data processing it is necessary to mainly to:

  • determine who is the controller, eventually the processor and determine their mutual relationship via written agreement pursuant to Section 8,
  • to determine the purpose of personal data processing provided personal data processing is not carried out pursuant to a special act,
  • determine the conditions (means and manners) of personal data processing,
  • determine the list of personal data provided personal data processing is not carried out pursuant to a special act,
  • abide basic principles of personal data obtaining and processing (mainly section 6),
  • obtain data subject´s consent for personal data processing provided that the PDP Act does not state that personal data may be processed without the consent of the data subject (Section 10 and 11),
  • fulfil obligation to provide information to data subject before obtaining personal data (Section 15 Paragraph 1 to 3),
  • elaborate appropriate safeguards and security documentation (Section 19 and 20),
  • instruct entitled persons (Section 21),
  • maintain obligation to secrecy (Section 22),
  • abide requirements and relevant obligations for designation of the data protection officer provided that the controller chooses to designate the data protection officer for the execution of personal data processing surveillance (Section 23 to 26),
  • notify the filing systems, submit the filing systems for special registration and keep records of them (Section 33 to 44),
  • provide cooperation to the Office in the course of executing its tasks pursuant to the PDP Act.

The controller is obliged to abide particular obligations during the whole course of personal data processing pursuant to conditions of processing.

 

Desktop version
2018 Office for Personal Data Protection of the Slovak Republic