On 25 May 2018 a new regulative GDPR will enter into force and time is running out. GDPR throughout the EU replaces and upgrades data protection regime that is twenty years old. GDPR will be implemented in Slovenia with a national law ZVOP-1. GDPR is a European regulation that is directly applicable to Member States. Slovenia will use the option to regulate this in a more detailed provision by adopting ZVOP-2, prepared by the Ministry of Justice. Draft will be published in the first days of October.

GDPR and changes it brings to business

Among new rights, we should highlight the right to be forgotten, limited process and transferability of individual data. The process of consenting to the collection and processing is defined more specifically. The validity of previous consents will have to be verified.

GDPR specifies in which cases, operators and processors of personal data must perform an analysis of the effect of the processing on the protection of personal data, report about safety incidents to the supervisory authority and appoint a person responsible for the protection of personal data. Operators will run databases in renewed form, but they will not need to send them to the Information Commissioner again. Data processing solutions will have to be developed while respecting the principle of built-in and default protection of personal data. For a violation or failure to comply with the requirements with the GDPR, high penalties are foreseen.

GDPR directly affects all sectors and procedures for processing personal data. Also in the field of documentary and archival storage, where the obligators will have to check the existing or prepare new internal rules. In the case of outsourcing also new contracts.