The Slovak Data Protection Office (“the Office”) has the power to investigate complaints and cases, and to impose penalties for breaches of the data protection act; penalties can be up to €200,000 and it can be imposed repeatedly if the same breach is also committed repeatedly, but also for the same breach if the sanctioned person does not remedy the breach within the deadline stipulated by the Office. Liability for a particular breach ceases to exist if the Office fails to impose a penalty within two years from the date on which the Office learned about the breach, however no later than five years from the date of the breach.
Individuals can seek judicial remedies and damages for breach of protection of their personhood.
An individual found guilty of the unauthorized disposal of personal data may be punished by imprisonment for a term of up to 2 years.
Selected Enforcement Actions / General Comments
Data controller was imposed a fine of € 5,000 for not informing data subjects of the fact that processing of their personal data was entrusted to a data processor. Data controller was imposed a fine of € 4,945 for not completing the security project concerning the terms of data processing in the information system. In cases when cooperation was not provided in an administrative proceeding, the Office often imposed a fine ranging from €1,500 to €9,000. In the course of inspection activities, the Data Protection Office focused mainly on prevention. In the years 2011-2012, the Office imposed fines of € 26,850 in total.