+ Word must be in search result. - Words must not be in search result. * Word start/end on characters before/after symbol. ""Words in quotes will be searched as phrase.


Concerning introduction of liability for breach of personal data protection legislation

29 June, 2011 Newsletters

We would like to inform you that on June 2, 2011 the President of Ukraine has signed the law that brings in administrative and criminal liability for breach of the Law “On personal data protection”.

The Law “On personal data protection” (hereinafter – “the Law”) has become effective since January 1, 2011. It foresees that personal data of the individuals may be processed (i.e. collected, stored, used etc.) only based on written consent of such individuals. At the same time, the definition of the term “personal data”, stated in the Law, is quite general and, in fact, may include any information about individuals.

The Law also provides for mandatory registration of personal data databases in the State register of personal data databases, which is expected to be set up soon.

We would like to bring your attention to the circumstance that this issue is especially urgent for structural departments that work with personal data: sales department, human resources department, accounting department etc.

The sanctions for the breach of the Law will become effective from January 1, 2012. The number of violations, such as non-notification or untimely notification of individual about his/her rights during the inclusion of personal data to personal data database, evasion from registration of databases etc. may cause an administrative responsibility in the form of fines in the amount of UAH 1700 – 17000.

At the same time, for unlawful processing of personal data (i.e. without written consent of an individual) a criminal liability is envisaged, which may result in up to 3 years of limitation of freedom, and in case of repeated violation or if it caused significant damage to the rights and interests of an individual – may trigger deprivation of freedom up to 5 years. Please also be informed that for the imposition of sanctions it is sufficient only to ascertain the fact of unlawful processing of personal data, i.e. the law does not foresee the ascertainment of caused damage etc.

For supervision over compliance with the Law and also for execution of other foreseen functions by virtue of decree of the President as of April 6, 2011 the State Service of Ukraine on Personal Data Protection was established. This Service has quite broad authorities and, generally speaking, is another control authority that has power to perform audits and impose sanctions.

Considering the above, in order to ensure compliance with the requirements of the Law and to secure your business from claims of aforementioned Service, we would like to recommend you taking the following actions:

  • to elaborate draft of written consent of an individual on processing of his/ her personal data.
  • to adopt a number of internal documents: order of the CEO, standard operating procedure regarding processing of personal data etc.
  • to appoint liable person, that will supervise the compliance with the requirements of legislation during the processing of personal data, as it is required by the Law.
  • to elaborate and conclude agreements or appendices to agreements with third parties to whom personal data is transferred or may be transferred for further processing.

We believe that the above information will be useful for you. Please do not hesitate to contact us if you will need assistance on the matter.

The above commentary presents the general statement for information purposes only and as such may not be practically used in specific cases without professional advice.

Newsletter available in Ukrainian and English.

Download pdf-file of the Newsletter (260,0 Kb)

Kind regards,

© TOV "KM Partners", 2011

Views 6404


Concerning the liability for violations under the city planning legislation 15 May, 2018    163

Security of legal costs as new instrument against ungrounded claims 14 May, 2018    184

Environment impact assessment during execution of projects on operating enterprises 27 April, 2018    216

Key risks to commercial activity connected with the Law on Corporate Agreements and the Law on Limited Liability Companies 22 March, 2018    3067

What are the grounds for non-scheduled tax audits in 2018? 19 March, 2018    366

The list of bodies of state supervision (control), which are not covered by the Law of Ukraine “On temporary features of the implementation of measures of state supervision (control) in the field of economic activity” 19 March, 2018    134

Wisely and slow; they stumble that run fast (Shakespeare W.) 28 February, 2018    466

How to cheat friends and influence people – based upon the Draft Law “On Limited Liability Companies and Companies with Subsidiary Liability” 14 February, 2018    1900

How to cheat friends (i.e. creditors) and influence people (i.e. company, which is not belongs to you) – based upon the Draft Law “On Limited Liability Companies and Companies with Subsidiary Liability” 14 February, 2018    2480

Tax time: conclusions and challenges for lawyers 13 February, 2018    617

The Draft Law of Ukraine “On Limited Liability Companies and Companies with Subsidiary Liability”: the first impressions 07 February, 2018    863

Certification of products is canceled: what are the consequences? 07 February, 2018    561