Sanctions and penalties under Slovenian data protection law

Penal provisions of the ZVOP-1 remain applicable only insofar as they relate to the provisions of the ZVOP-1 that have not been superseded by the GDPR. They are especially relevant with regard to specific processing situations which continue to be extensively regulated by the ZVOP-1. Fines under the ZVOP-1 amount up to EUR 12,510.

While the Slovenian Information Commissioner has the authority to impose fines according to the ZVOP-1, it does not have the authority to impose administrative fines and other sanctions for breaches of the GDPR. This is due to a very narrowly construed legal basis in the Information Commissioner Act. Therefore, at the time of writing, even for violations of the core GDPR provisions, such as Art. 6 and 15-20 GDPR, only warnings and no fines can be imposed by the Information Commissioner. However, such conduct is still considered a violation of the law, and legal proceedings may be initiated after the law is amended, provided that the statute of limitations has not yet been reached.

Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: