Slovakia · SK
Privacy policy for selling in Slovakia (GDPR) — what it must contain (2026)
Selling to consumers in Slovakia means you must inform them about your data processing under the GDPR and the Slovak Act No. 18/2018 Coll., supervised by the ÚOOÚ SR. A home-country privacy policy does not cover Slovakia's cookie rules (opt-in under Act 452/2021) or the language requirement. Below: which law applies, what your policy for the Slovak market must contain, and how to prepare it.
Which data protection law applies in Slovakia?
Processing consumer data in Slovakia is governed by the GDPR and the national Act No. 18/2018 Coll. on personal data protection, enforced by the ÚOOÚ SR. While the GDPR applies EU-wide, the Slovak market has its own practical requirements — particularly on cookies and language — that a home-country policy does not reflect.
Mandatory content under the GDPR and Act 18/2018
- Data controller — identity and contact details, plus a DPO where applicable.
- Purposes and legal basis of each processing activity (consent, contract, legal obligation, legitimate interest).
- Categories of data and recipients.
- Retention periods per purpose.
- Individuals’ rights and how to exercise them.
- Transfers outside the EU and the safeguards used (standard contractual clauses, etc.).
Cookies — consent under Act 452/2021
Non-essential tracking cookies require prior opt-in consent under § 55 of Act No. 452/2021 Coll. on electronic communications. The user must be able to refuse as easily as accept. Setting trackers before consent is a frequent ground for complaints and inspections.
Slovak and individuals’ rights
Information aimed at consumers in Slovakia must be published in Slovak (State Language Act No. 270/1995 Coll.). Your customers have the rights of access, rectification, erasure, restriction, objection and portability; the policy must explain how to exercise them and note the right to lodge a complaint with the ÚOOÚ SR.
Risk and enforcement
Common failings: a generic, copied policy that does not describe actual processing, missing retention periods, a non-compliant cookie banner, and omitting the ÚOOÚ SR reference. The ÚOOÚ SR can fine up to EUR 20M or 4% of turnover for GDPR breaches.
How to prepare a compliant policy for Slovakia
Rather than translating your existing policy, generate a document that describes your real processing activities — purposes, legal bases, retention, rights and cookies — compliant with the GDPR and Act 18/2018, in Slovak and ready to publish in minutes.
Frequently asked questions
Is a privacy policy mandatory in Slovakia?
Yes. The GDPR (art. 13) requires informing individuals at the point of data collection. Any shop processing customer data in Slovakia must provide an accessible privacy policy.
How do the GDPR and Act 18/2018 relate?
The GDPR is the EU regulation; the Slovak Act No. 18/2018 Coll. implements it (§ 19 et seq.) and specifies the controller's duties and the ÚOOÚ SR's procedures. Both apply together.
How must the cookie banner work in Slovakia?
Non-essential tracking cookies require opt-in consent under § 55 of Act No. 452/2021 Coll. on electronic communications. Refusing must be as easy as accepting.
Does the policy have to be in Slovak?
For information aimed at consumers in Slovakia, Slovak is required (State Language Act No. 270/1995 Coll.). The policy for the Slovak market should therefore be in Slovak.
What fines can the ÚOOÚ SR impose?
Up to EUR 20 million or 4% of global turnover for GDPR breaches — for example failure to inform individuals or unlawful processing.