No regulations deviating from the GDPR.
The Slovenian Information Commissioner issued guidelines on data protection impact assessment, available here (in Slovenian). This general guidance on conducting a DPIA is accompanied by a non-exhaustive list of activities where a DPIA is necessary (available in Slovenian here):
- automated decision-making, scoring and profiling,
- systematic monitoring of individuals without them being aware of it,
- processing of special categories of data,
- processing of personal data on a large scale,
- combining data from different databases and big data analytics,
- processing personal data in the context of imbalance of powers (e.g. employment context, children and elderly people, asylum seekers, patients),
- innovative use of existing and new technologies,
- processing leading to a limitation of access to a service or a contract, and
processing leading to a direct risk to health and safety of individuals.
