The National Assembly has passed a bill implementing the EU's General Data Protection Regulation (GDPR) into national law as the last country in the bloc to do so and way past the deadline. GDPR is the toughest privacy and security law in the world.

The bill, passed on 15 December, aims to ensure that data processing is lawful at systemic level. It also deals with some national specifics.

Presenting the bill in parliament, Justice Ministry State Secretary Igor Šoltes called it one of the most important bills on the protection of human rights as set down in the constitution.

The law protects a person's right to personal data protection and bans the use of personal data contrary to the purpose for which they have been collected.

It gives everyone the right to be informed of the data collected about them, and sets down the right to legal remedy.

The Information Commissioner remains in charge of oversight, however certain areas are exempt from checks, such as the judiciary, and intelligence and security services.

EU members were supposed to implement the GDPR by mid-2018, and the European Commission has alerted Slovenia of its failure to do so several times.

The bill was drafted under the previous government, but slightly changed by the new cabinet. Among other things, it added a provision under which personal data protection is a human right.

The opposition Democrats (SDS), the senior partner in the previous coalition government, argued the bill put too much weight on protecting the interests of the state rather than those of individuals. They also argued it would give the Information Commissioner "absolute power".

Their former coalition partners, the NSi, raised issue with excessive administrative work for businesses, such as an obligation to keep a log of personal data processing.