Law of Ukraine “On Personal Data Protection”: Highlights
On January 19, 2012, Vasil Kisil & Partners hosted a press breakfast dedicated to the main provisions of the Law of Ukraine “On Personal Data Protection” and practical aspects of its application. The press breakfast was held by Oksana Voynarovska, Counsellor, and Vladyslav Podolyak, Leading Associate.
Vladyslav Podolyak started his speech by pointing out that the enactment of the Law of Ukraine “On Personal Data Protection” is a logical consequence of the rapid development of informati0n technologies. Modern computer networks afford companies ample opportunities to generate, process and exchange a huge volume of information and, thus, companies should be conscious that storage, maintenance and protection of personal databases are required to prevent the unfair practices of individual employees, which may threaten not only the interests of the client, but also the goodwill of the company. The procedure to ensure compliance with the requirements of the commented Law is often subject to a narrow interpretation: many companies believe that it would be enough to register their databases without taking further steps. The 30-year experience of the development of Western European law proves that it is not only about the registration of databases, but also about each company building a system of business processes, which would ensure the legitimate use of personal data of employees, customers, contractors, consumers, etc.
The major problem of the Law “On Personal Data Protection”, as seen by lawyers of Vasil Kisil & Partners, is the obligation to notify personal data subjects of their rights related to personal data protection, the purpose of personal data processing and the third parties to whom personal data can be disclosed, solely in writing. It should be noted that companies often do not have the mailing addresses of their personal data subjects. For example, personal data could have been supplied to the company electronically – through on-line registration, in a filled-in form (with no indication of the actual address) sent to an e-mail box, etc. This requirement does not correspond with the existing state of affairs in the business environment where most communications are handled electronically. The bulk mailing of the above notifications by ordinary mail obviously has a tingle of archaism about it and can seriously hamper the effectiveness of business operations. At the same time, the Law provides for the possibility of obtaining consents to personal data processing electronically (for example, through the use of checkboxes), which fact is yet another evidence of the lack of logic behind the requirement to notify personal data subjects of their rights specifically in writing.
Another issue in focus was the liability for any violations in the personal data protection domain. In addition to criminal and administrative liability, which may arise under the law, business entities should also bear in mind the risk of civil liability, which they may face due to lawsuits filed by personal data subjects against such business entities.
In conclusion, Vladyslav Podolyak spoke about the services offered by law firms, in particular by Vasil Kisil & Partners, to Ukrainian businesses to help them comply with the Law “On Personal Data Protection”: legal advice on personal data processing, drafting sample data processing consents and legal reservations, preparing agreements on maintenance and servicing of personal databases, legal support of personal database registration and handling court cases related to personal data protection, etc.
Please click here to read the presentation.
Vladyslav Podolyak started his speech by pointing out that the enactment of the Law of Ukraine “On Personal Data Protection” is a logical consequence of the rapid development of informati0n technologies. Modern computer networks afford companies ample opportunities to generate, process and exchange a huge volume of information and, thus, companies should be conscious that storage, maintenance and protection of personal databases are required to prevent the unfair practices of individual employees, which may threaten not only the interests of the client, but also the goodwill of the company. The procedure to ensure compliance with the requirements of the commented Law is often subject to a narrow interpretation: many companies believe that it would be enough to register their databases without taking further steps. The 30-year experience of the development of Western European law proves that it is not only about the registration of databases, but also about each company building a system of business processes, which would ensure the legitimate use of personal data of employees, customers, contractors, consumers, etc.
The major problem of the Law “On Personal Data Protection”, as seen by lawyers of Vasil Kisil & Partners, is the obligation to notify personal data subjects of their rights related to personal data protection, the purpose of personal data processing and the third parties to whom personal data can be disclosed, solely in writing. It should be noted that companies often do not have the mailing addresses of their personal data subjects. For example, personal data could have been supplied to the company electronically – through on-line registration, in a filled-in form (with no indication of the actual address) sent to an e-mail box, etc. This requirement does not correspond with the existing state of affairs in the business environment where most communications are handled electronically. The bulk mailing of the above notifications by ordinary mail obviously has a tingle of archaism about it and can seriously hamper the effectiveness of business operations. At the same time, the Law provides for the possibility of obtaining consents to personal data processing electronically (for example, through the use of checkboxes), which fact is yet another evidence of the lack of logic behind the requirement to notify personal data subjects of their rights specifically in writing.
Another issue in focus was the liability for any violations in the personal data protection domain. In addition to criminal and administrative liability, which may arise under the law, business entities should also bear in mind the risk of civil liability, which they may face due to lawsuits filed by personal data subjects against such business entities.
In conclusion, Vladyslav Podolyak spoke about the services offered by law firms, in particular by Vasil Kisil & Partners, to Ukrainian businesses to help them comply with the Law “On Personal Data Protection”: legal advice on personal data processing, drafting sample data processing consents and legal reservations, preparing agreements on maintenance and servicing of personal databases, legal support of personal database registration and handling court cases related to personal data protection, etc.
Please click here to read the presentation.