By Danica Valentova, Firm: Nitschneider & Partners
This article describes how Slovakia has adapted to the entry into force of the GDPR, including the actions of the data protection authority, and how employers have dealt with their new data protection responsibilities.
Slovakia is still waiting for the first fine for failure to comply with the GDPR. Notwithstanding, the Slovak DPA is not afraid to impose fines of up to EUR 5,000 for refusal to cooperate during inspections to ‘motivate’ the organisations under inspection to provide the requested documents and information.
The reason for this is that the Slovak DPA is overloaded with thousands of complaints brought by the individuals, who in many cases are not even the data subjects, whose rights could have been violated. This means the inspections take months and data controllers are nervous of whether they are fully compliant or will be fined.
Despite the fact that the GDPR is effective EU-wide, Slovakia has adopted its own legislation, which came into force on the same day as the GDPR. The local law does not deviate from the official text of the GDPR, except the parts regulating the activities of the Slovak DPA. So far, the interpretations of the GDPR made by the local authority are in line with the guidelines issued by the European Data Protection Board.
Slovak employers were quite well prepared for the GDPR. HR departments took the opportunity to revise HR documentation to meet the GDPR requirements, and if necessary, to update it in other areas as well. One year later we note that most employers have implemented the GDPR, or have at least tried to. One positive observation is that after identifying any inconsistency with the GDPR, they are willing to fix it very fast.
The Slovak courts are also well prepared to apply the European case law when dealing with an employee privacy breach and monitoring employees´ work activities. Moreover, the Supreme Court has opined that such case law also applies to the privacy breaches that occurred prior to the relevant EU case law. This means employers are forced not only to keep up with recent EU case law but also to establish a careful balance between their right of control and employees’ privacy rights to avoid any future claims.