13 February, 2019

Unintentional data breach and measures to avoid it

Unintentional breach of personal data has recently been disclosed by Slovenian state authority and Slovenian companies.

The General Data Protection Regulation (hereinafter: »the GDPR«) defines personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Furthermore, the GDPR specifies the obligation of the controller to notify the supervisory authority of the personal data breach. Slovenian government has established the Information Commissioner as a supervision authority in such matter. The Information Commissioner must be notified of personal data breach within 72 hours after the breach has been made. In the event that the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller should communicate personal data breach to the data subject without undue delay.

The GDPR stipulates fines of up to 20 million EUR or 4% of the annual income in case such breach has been made, and the supervision authority is not notified. However, the following measures should be undertaken in order to avoid the abovementioned fines and to increase the security of processing:

  • the pseudonymization and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

In case such measures were not undertaken by your company, we advise you to do so.

Seventh Anti-Corona Package (PKP7) brings changes to personal income tax

Seventh Anti-Corona Package (PKP7) brings changes to personal income tax

Article 59 of the Act determining intervention measures to assist in mitigating the consequences of the second wave of COVID-19…

Read more
Crisis Benefit (PKP7)

Crisis Benefit (PKP7)

Just before the new year, the National Assembly of the Republic of Slovenia adopted the seventh anti-corona law, called Act…

Read more
Suspension of deadlines

Suspension of deadlines

The Slovenian Government has adopted a Resolution on suspension of the deadlines for exercising the rights of the parties in…

Read more


Dalmatinova ulica 2
SI-1000 Ljubljana, Slovenia


+386 59 097 400
+386 59 097 410