Informacijski pooblaščenec Republika Slovenija
    SLO | ENG

General Data Protection Regulation comes into force in one year – on 25 May 2018

+ -

Press release


Call for public administration, companies and other organisations – personal data controllers and (contractual) processors to prepare and adapt on time


The new General Data Protection Regulation (GDPR) comes into force in one year exactly – on 25th May 2018. GDPR brings several novelties for public administration, companies, and other organisations – data controllers and processors. Timely preparations are necessary, some of them demand analysis of all the procedures in otherwise already established personal data processing forms. Although the Slovenian Government has not yet started a legislation procedure for implementing certain GDPR provisions, the Information Commissioner has issued a flyer with certain basic information on the new regulation. The flyer has been sent to all the ministries, associations, chambers, and other controllers and processors organisations in public and private sector in order to start the preparations for the GDPR in due time.


The novelties for the controllers and processors are several, to mention some: the obligation to notify personal data protection breaches, the obligation to appoint a data protection officer and to carry out data protection impact assessments, etc.


Article 29 Working Party Guidelines on some important topics are already available on our website.


Given the high level of personal data protection in Slovenia, it is our assessment that the data controllers and processors, who have been diligently following the provisions of Personal Data Protection Act (ZVOP-1) and the Information Commissioner's guidelines, should not encounter greater difficulties implementing the GDPR provisions in practice. We are expecting more detailed draft proposals for the GDPR implementation in Slovenia by the Ministry of Justice shortly. We will continue to provide all the relevant information regarding GDPR on our website.


Data controllers and processors are reminded that until 25th May 2018 the Personal Data Protection Act (ZVOP-1) is still in force.


The flyer is available on our website, where you can find more information on the personal data protection reform:

Information Commissioner

Mojca Prelesnik, information commissioner