Support Centre



Law: Personal Data Protection Act 2022 (only available in Slovenian here) ('ZVOP-2')

Regulator: Information Commissioner ('the Commissioner')

Summary: Slovenia was the last EU Member State to implement the GDPR, with the ZVOP-2 entering into force on 26 January 2023, thereby replacing the Personal Data Protection Act 2004. The Commissioner is an active regulator that has published several guidelines on various topics, including cookies, website privacy policies, data protection officer appointment, and data transfers.


In November 2022, the new Electronic Communications Act ('ZEKom-2') entered into force, derogating and replacing the previous homonymous act. The ZEKom-2 implements Directive (EU) 2018/1972 of the European parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code ('the Directive') in the legal order of the Republic of Slovenia. Kevin Rihtar, Partner at Karanović & Partners, discusses the main provisions of the ZEKom-2, including in relation to direct marketing.

The last Member State to adapt its national data protection framework to the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), Slovenia adopted, in December 2022, the Data Protection Act 2022 ('ZVOP-2')1, which entered into force on 26 January 2023, thus repealing the Data Protection Act 2004 ('ZVOP-1')2. In this Insight article, OneTrust DataGuidance Research brings you up to speed with the changes brought about by the ZVOP-2.