Page 1

When Regulation and when the Personal Data Protection Act?
The frequently asked questions of the Office for Personal Data Protection ('the Office')
addressed, the question is when the operator is subject to the legislation under
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection
natural persons in the processing of personal data and on the free movement of such data,
repealing Directive 95/46 / EC (General Data Protection Regulation)
only the “Regulation”) and when Act no. 18/2018 Coll. on the protection of personal data and on change
and amendments to certain acts (hereinafter referred to as “Act No. 18/2018 Coll.”).
1. Why have we adopted national legislation in the form in which Act no.
18/2018 Coll. ?
It should be noted at the outset that the Regulation, based on Article 288
Treaty on the Functioning of the European Union (TFEU) is directly applicable in
all Member States of the European Union, whether or not it follows it
national law of each Member State concerning the protection of personal data
data. Due to compliance with the obligations of the Slovak Republic arising from the TFEU
it was therefore impossible to maintain the legislation on the protection of personal data in
the form contained in Act no. 122/2013 Coll. on the protection of personal data and on change
and amendments to some laws as amended by Act no. 84/2014 Coll. (hereinafter referred to as "Act No.
122/2013 Coll. ”).

1

In the conditions of the legal order of the Slovak Republic stated
represented two possibilities, namely to go the way of amending Act no. 122/2013 Coll., However
only with the help of legislative references to the Regulation, which would be for themselves
addressees of the law inefficiently, or the adoption of new legislation on the protection of personal
data.
The Slovak Republic was the first Member State to decide on a national one
to harmonize the legal regulation with the Regulation by adopting the new Act no. 18/2018 Coll.,
in the form of taking over the standards of the Regulation into its individual parts and this step is
continues to prove to be correct given that the Regulation itself is not covered
for all processing operations 1 and delimitation of the boundary resp. dividing line that
activities are or are not regulated by European Union law is not unequivocal
fixed. The founding treaties (TFEU) provide some guidance in this regard
and the Treaty on European Union), but for activities which do not fall within the scope of Union law
would be the so-called a legal vacuum that is undesirable. For this reason, the Office has decided
to harmonize the legal order in Act no. 18/2018 Coll. so that in the second part of the law
no. 18/2018 Coll. established legislation under the Regulation. The second part of Act no.
18/2018 Coll. cannot be seen as a mere "duplicate" Regulation, as it ensures that
particular reference to Art. 2 par. 2 letter (a) Regulations within the meaning of this Regulation
does not apply to the processing of personal data in the performance of activities which do not fall within the scope of the law
European Union.
1 With

Page 2

that we have adopted uniform standards for the protection of personal data in national law,
how it is secured
legal and factual certainty for operators, intermediaries and
concerned, in the form of ensuring the same principles of personal protection
data, both for activities governed by Union law and for those governed by law
union does not belong,
- Operators and intermediaries do not have to investigate whether they will be affected
apply Regulation or Act no. 18/2018 Coll. In the event that
failed to deal with the material scope of the Regulation, with particular reference to
on Art. 2 par. 2 letter a) Regulations, therefore it is not a mistake to follow them
and proceed only according to Act no. 18/2018 Coll., Even if their activities should be affected
covered by the Regulation.
It is also necessary to point out that Act no. 18/2018 Coll. is the relevant legal one
regulation and in the conditions of the Regulation, as it contains parts that are binding for
all entities, including processing entities falling within the scope
Union law and also for the competent authorities.
2. Parts of Act no. 18/2018 Coll. binding on all entities

2

• Part 1 of Act no. 18/2018 Coll. , with the exception of § 2 and § 5 of Act No. 18/2018 Coll.
• Part 4 of Act no. 18/2018 Coll. , which regulates special situations of law
processing of personal data based on authorizing officers
provisions of the Regulation, in particular Art. 9 par. 4 and Chapter IX. Regulations, under
which Member States have had the option of maintaining or introducing
more specific provisions to indicate the right to protection of personal data
data in accordance with the specifications specific to that legal order,
whether in the field of freedom of expression and the right to information, personal processing
employee data, processing of the national identification number, or
in connection with the duty of confidentiality. The provision of § 78 par. 1, par. 2, par. 3
we currently consider the processing of personal data on the basis of Act no.
18/2018 Coll. in the context of Art. 6 par. 1 letter c) Regulations / § 13 par. 1 letter c)
Act no. 18/2018 Coll.
• Part 5 of Act no. 18/2018 Coll. First head - Position, scope
and the organization of the Office
• Part 5 of Act no. 18/2018 Coll. Title Two - Approval of Codes
behavior, certification and accreditation
• Part 5 of Act no. 18/2018 Coll. Title Three - Control
• Part 5 of Act no. 18/2018 Coll. Title 4 - Personal proceedings
data
• Part 5 of Act no. 18/2018 Coll. Chapter Five - Administrative Offenses (Fines)
and disciplinary fines)
• Part 6 of Act no. 18/2018 Coll. - Common, transitional and final
provisions.

Page 3

Special amendment to Act no. 18/2018 Coll.
• Part 2 of Act no. 18/2018 Coll. - personal data protection legislation
in the framework of the operator's activities which are not subject to Union law and which
regulates the general rules for the protection of personal data of natural persons in their
processing.
• Part 3 of Act no. 18/2018 Coll . To our legal order was
Transposed Directive (EU) 2016/680 of the European Parliament and of the Council, v
laying down rules for the protection of individuals with regard to the processing of personal data
data by the competent authorities to carry out tasks for the purposes of criminal proceedings.
The operators of the information system in this case are the Police Force,
Military Police, Prison and Judicial Internship Corps, Financial Administration,
the public prosecutor's office and the courts (competent authorities) which process personal data for the purposes of
prevention and detection of crime, detection of criminals
offenses, criminal investigations, prosecutions or for purposes
enforcement of decisions in criminal proceedings, including protection against threats
public order and the prevention of such a threat
3. When will the operator be subject to Act no. 18/2018 Coll. and when
Regulation?

3

Most processing activities will fall under the Regulation regime because
negative definition of the material scope of the Regulation with reference to Art. 2 par. 2 letter
a) The Regulation is relatively restrictive.
In the legal conditions of the Slovak Republic, other areas
not regulated by Union law will be governed by Act no. 18/2018 Coll. as a whole and as an example
In an area not regulated by Union law, we can mention the legal regulation of filing
complaints pursuant to Act no. 9/2010 Coll. on complaints, Act no. 179/2011 Coll. about
economic mobilization as amended, or we can help
recital 16 of the Regulation, according to which the Regulation does not apply to matters of protection
fundamental rights and freedoms or the free flow of personal data relating to activities,
which do not fall within the scope of Union law, such as activities relating to national law
security.
In simple terms, the issue can be explained below
examples:
1. In the case of the processing of personal data in the framework of the controller's activities,
which falls under Union law:
- the operator will be subject to the legislation under the Regulation
- Act no. 18/2018 Coll. , to the extent of:
• Part 1 (except for § 2 and § 5 of Act No. 18/2018 Coll.)

Page 4

• Part 4 of Act no. 18/2018 Coll. (Sections 78 and 79 of Act No. 18/2018 Coll.)
• Part 5 of Act no. 18/2018 Coll. (Sections 80 - 106 of Act No. 18/2018 Coll.)
• Part 6 of Act no. 18/2018 Coll. (§ 107-112 of Act No. 18/2018 Coll.)
- special rules may also apply. 2
2. In the case of the processing of personal data in the framework of the controller's activities,
which do not fall under European Union law:
- Act no. 18/2018 Coll., With the exception of its 3rd part , which
applies only to the processing of personal data by the competent authorities for performance
tasks for the purposes of criminal proceedings.
- special rules may also apply.
3. In the case of processing of personal data by the competent authorities for the performance of tasks
for the purposes of criminal proceedings:
Act no. 18/2018 Coll., To the extent of:
• Part 1 of Act no. 18/2018 Coll.
• Part 3 of Act no. 18/2018 Coll.
• Part 4 of Act no. 18/2018 Coll.
• Part 5 of Act no. 18/2018 Coll.
• Part 6 of Act no. 18/2018 Coll.
• from Part 2 of Act no. 18/2018 Coll. for the processing of personal data
only the provisions specified in § 52, § 59, § 67 and § 73 of Act no.
18/2018 Coll.

4

In the case of processing activities of the competent authorities for which they do not comply
tasks for the purposes of criminal proceedings proceed as described above
mechanism, that is, the operator with regard to the subject of his
activities shall determine whether or not the area is governed by Union law.

2

For example, Act no. 438/2001 Coll. on banks, as amended, Act no. 586/2003 Coll.

on Advocacy, as amended, Act no. 351/2011 on electronic communications as amended
later regulations

Page 5

Annex no. 1

5

