On Saturday, 25 May 2019, exactly one year has passed since the entry into force of the General Data Protection Act (GDPR), which was marked as the biggest change in the field of personal data protection for decades and has become a global reference point.
Some companies processing personal data in the course of their business activities have harmonized their business with the provisions of the GDPR, wherein it is in the interest of others to do. Media reported in particular of fines imposed by the supervisory authorities abroad. One of the first high-profile cases was the EUR 400,000 fine imposed on a hospital in Portugal. On 21 January 2019, the French Commission Nationale de l’Informatique et des Libertés (CNIL) imposed on Google a fine of EUR 50 million. In the past year, the Slovenian Information Commissioner was mainly concerned with issuing opinions.
The Ministry of Justice announced the adoption of the Personal Data Protection Act (ZVOP-2) complying with GDPR in the summer of 2019. Following the adoption of the ZVOP-2, a more active role in imposing fines for violators is expected by the Information Commissioner. Efforts to harmonize their business with the provisions of GDPR should, therefore, be the priority of each controller and processor who has not yet done so.