13 February, 2019

Unintentional data breach and measures to avoid it

Unintentional breach of personal data has recently been disclosed by Slovenian state authority and Slovenian companies.

The General Data Protection Regulation (hereinafter: »the GDPR«) defines personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Furthermore, the GDPR specifies the obligation of the controller to notify the supervisory authority of the personal data breach. Slovenian government has established the Information Commissioner as a supervision authority in such matter. The Information Commissioner must be notified of personal data breach within 72 hours after the breach has been made. In the event that the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller should communicate personal data breach to the data subject without undue delay.

The GDPR stipulates fines of up to 20 million EUR or 4% of the annual income in case such breach has been made, and the supervision authority is not notified. However, the following measures should be undertaken in order to avoid the abovementioned fines and to increase the security of processing:

  • the pseudonymization and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

In case such measures were not undertaken by your company, we advise you to do so.

The new application for monitoring contacts with COVID-19

The new application for monitoring contacts with COVID-19

The proposal for Act on intervention measures to prepare for the second wave of coronavirus COVID-19, which amends and supplements…

Read more
Tourist vouchers

Tourist vouchers

Tourist voucher is one of the government measures to mitigate the consequences of the Covid-19 epidemic, as the tourism is…

Read more
New measures to maintain employment during the COVID-19

New measures to maintain employment during the COVID-19

On 29 May 2020, the National Assembly adopted the Intervention Measures to Mitigate and Eliminate the Consequences of the COVID-19…

Read more


Dalmatinova ulica 2
SI-1000 Ljubljana, Slovenia


+386 59 097 400
+386 59 097 410