Data protection impact assessment (DPIA) under Slovenian law

No regulations deviating from the GDPR.

The Slovenian Information Commissioner issued guidelines on data protection impact assessment, available here (in Slovenian). This general guidance on conducting a DPIA is accompanied by a non-exhaustive list of activities where a DPIA is necessary (available in Slovenian here):

  • automated decision-making, scoring and profiling,
  • systematic monitoring of individuals without them being aware of it,
  • processing of special categories of data,
  • processing of personal data on a large scale,
  • combining data from different databases and big data analytics,
  • processing personal data in the context of imbalance of powers (e.g. employment context, children and elderly people, asylum seekers, patients),
  • innovative use of existing and new technologies,
  • processing leading to a limitation of access to a service or a contract, and

processing leading to a direct risk to health and safety of individuals.

Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: