Slovenia: Information Commissioner adopted opinion on the obligation to keep records of processing activities (No. 07121-1/2025/912)

On 23 July 2025, the Slovenian Information Commissioner issued an opinion on the records of processing activities under the General Data Protection Regulation and Slovenia's personal data protection Act. It was highlighted that companies and organisations with fewer than 250 employees are generally exempt. It was however, emphasised that the companies must still keep records if the processing poses risks to individuals’ rights and freedoms, is not occasional, or involves special categories of personal data or data on criminal convictions and offences. Records must be written or electronic and include the elements in Article 30 of the General Data Protection Regulation. The opinion also highlighted that the duty to assess compliance lies with the controller or processor.