On 3 April 2014 the Slovak National Council amended the Data Protection Act.
On 3 April 2014, less than a year after a major change in the field of personal data protection, the Slovak National Council has amended the Data Protection Act. The changes will become effective on 15 April 2014.
The amendment is mainly supposed to reduce the much-criticized administrative burden of entrepreneurs brought on by the new act. The amendment introduces the following specific major changes:
The obligation to prepare a safety guideline is abolished if a company processes personal data on a computer without internet access and these data are not classified as sensitive (e.g. birth number, photo). The obligation to prepare a safety project remains.
The information duty of an entrepreneur as data controller with regard to individuals whose data it processes also changes, with new exceptions from this duty also specified.
The relatively strict obligation to instruct authorized persons is partly liberalized; however, the changes here are mainly cosmetic.
The obligation to appoint a responsible person changes to a possibility to appoint such a person. After the amendment, the managing director can become the responsible person. However, an entrepreneur who does not appoint a responsible person must register some of their information systems with the Slovak Office for Personal Data Protection. The amendment explicitly introduces this duty with regard to certain information systems (e.g. cameras). The duty to notify with regard to information systems does not attract an administrative fee.
Sanctions for violation of the Data Protection Act will once again be optional. This means that the Authority can, but does not have to, impose a sanction. The maximum amount of sanctions is also reduced.
Entrepreneurs will be glad to learn that the deadline for making their agreement with the data processor compliant with the new act is prolonged from one to two years.