Article 42(1) of the Data Protection Act explicitly confirms that for a set of similar processing operations that present similar high risks, a single data protection impact assessment is enough.

DPIA list of the Slovak supervisory authority

Slovak Data Protection Authority also published a list of processing operations for which the data protection impact assessment is necessary (in Slovak), available at: https://dataprotection.gov.sk/uoou/sk/content/zoznam-spracovatelskych-operacii-ktore-podliehaju-posudeniu-vplyvu.

These operations include for example:

  • Processing of biometric or genetic data
  • Evaluation or scoring of a natural person or its profiling
  • Evaluation of credibility of a natural person
  • Employee monitoring
  • Etc.

Guidelines of the supervisory authority

The Slovak Data Protection Authority published a methodology of data protection impact assessments (in Slovak), available at:

https://dataprotection.gov.sk/uoou/sites/default/files/zz_2018_158_20180615.pdf.

Prior consultation

Moreover, the Slovak Data Protection Act does not regulate the opening clause of Article 36(5) of the Data Protection Act. Therefore, it does not require the prior consultation or authorization from the supervisory authority in relation to processing in the public interest, including processing in relation to social protection and public health.