The General Data Protection Regulation (GDPR), a key piece of EU legislation about data privacy, will enter into force on 25 May. Slovenian companies are already preparing for a major change in how they treat personal data, but the law implementing the regulation is not on the horizon yet.
At a debate hosted on Wednesday by AmCham Slovenia, stakeholders stressed that the regulation would be directly applicable even if no law is adopted until 25 May.
"A regulation is a directly applicable legal instrument, implementation is not even strictly necessary. But there will be certain gaps on how to act in areas where the current personal data protection act and the regulation collide," said lawyer Jaka Simončič, who helps companies prepare for the GDPR. He also warned that if the act contains provisions that run contrary to the regulation, it is very likely any contentions provisions of the act would be invalid. It is unclear as yet when the government may adopt the act, especially now that the prime minister has resigned and the cabinet is staying on in caretaker role.
But Alenka Jerše, the deputy information commissioner, also noted that her office had submitted 30 pages of commentary to the draft bill. "We've not had so many comments about any law," she said. Jerše said the Justice Ministry has been warned two years ago - the GDPR was adopted in 2016 - it was high time to adopt the requisite legislation, as companies cannot adjust in a month. But she was also quick to point out that the Office of the Information Commissioner would not immediately start pestering companies about compliance, it will try to verify adherence to the principles of transparency and responsibility.
"It's clear we won't start a witch hunt on 25 May ... If a company can show that it processes personal data using a certain legal basis, this will suffice."
Tina Rosario on GDPR
Alenka Jerše on GDPR
Jaka Simončič on GDPR
You can see the photos of the event on our Facebook page.
AmCham Focus Partners: