Slovenia: Information Commissioner adopted opinion on exercising the right to access personal data through an authorised representative, including obligations of the operator (No. 07120-1/2025/328)

On 23 July 2025, the Information Commissioner of Slovenia issued an opinion on access to personal data by proxy. It was highlighted that individuals may exercise this right directly, through a legal representative, or through an authorised representative. It was also specified that the General Data Protection Regulation (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2) do not regulate proxy requests in detail, so the General Administrative Procedure Act (ZUP) applies. Under the General Administrative Procedure Act, authorisations may be written or oral, and controllers must verify their validity. If authenticity is doubtful, a certified authorisation may be required. It was also highlighted that the responsibility lies with controllers, while the Information Commissioner may only act in supervisory proceedings.