Local organizations
In every country, there must be an institution that monitors the exercising of individual's rights regarding their personal data (e.g. property data, tax data, banking data, health data, status data and video, audio and photographic recordings, etc.) and the compliance with the prescribed obligations of data controllers. In Slovenia, this is the responsibility of a special state organ – the information commissioner.
If a personal data controller (e.g. ZPIZ, bank, insurance, mobile opera-tor, police, association, health institution, municipality etc.) is using personal data for a purpose which it has no legal basis for or it has not obtained the individual's consent (e.g. sending personal data to an unauthorized person or intentionally destroying important data, etc.), the controller's actions can be put under inspection. The same applies if the controller does not ensure sufficient security of personal data that it otherwise legally manages (e.g. due to inadequate compu-ter protection personal data is available to unauthorized persons or personal data may change in such a way that it is no longer usable for the purpose which they are managed for). The introduction of such control often occurs if the Information Commissioner receives a report of alleged unlawful management of personal data. An inspection report can also be submitted using the form that is available on the Information Commissioner's website.
Individuals also have certain special rights that are exercised on their request (such as the request to access their own personal data or their own medical records, the request for deletion of personal data that is being kept without a legal basis, an objection to the use of data for marketing purposes, correction or supplementation of inaccurate or incomplete data). If the data controller rejects such a request or does not respond, the individual may file a complaint with the Information Commissioner, who decides in an appeal whether the controller should comply with the individual's request or not. Sample forms for request and complaints (separately for patient's rights) are available on the Information Commissioner's website.
In case of any questions or dilemmas about personal data protection (e.g. whether and under what conditions certain conduct is permissible), the Information Commissioner offers advice by phone or in writing in the form of short written opinions. As part of the advisory function, a brochure “You decide on your data” (Vi odločate o svojih podatkih) was prepared especially for senior citizens.
It presents various everyday activities in a simple and concrete way (e.g. healthcare, direct marketing, shopping, visiting a bank or an insurance company, using the internet, Covid-19 epidemic) and related rights that concern an individual's personal data. The brochure thus contains many practical tips for enforcing these rights as well as several simplified basic rules that can make it easier for an individual to deal with large data controllers.
The Information Commissioner also has the power of resolving complaints if a public sector body (such as public institutions, municipalities, state bodies) refuses the request of an individual to access public documents (e.g. documents that disclose the use of public funds). On the Information Commissioner's website you can find numerous published decisions that showcase examples of claiming the right to access public information. The website also contains forms that can be used to exercise this right.
The presentation above was prepared by the Information Commissioner under the iDecide project, which is funded by European Union under the Justice, Equality and Citizenship Program 2014–2020.
Additional information:
Address: Republika Slovenija, Informacijski pooblaščenec
Dunajska 22, 1000 Ljubljana
Phone: 01 230 97 30
Website: www.ip-rs.si
Main office e-mail: gp.ip@ip-rs.si