US-Ukraine Business Council
Data Protection Registration Required in Ukraine by Year End
Data Protection Registration Required in Ukraine by Year End

Squire Sanders Kyiv, Ukraine, Monday, December 12, 2011

Ukrainian legislation requires that databases controlled by Ukraine-based entities (residents and non-residents) be registered with the Ukrainian authorities by 1 January 2012. Below please find a brief description of the requirements pursuant to the Ukrainian Law "On Protection of Personal Data" (PDP Law) and procedures that must be followed.

Registration of Personal Data
According to the PDP Law, Ukraine-based legal entities must register with the State Service of Ukraine on Personal Data Protection (Data Protection Service) all databases with personal data that they control. Personal data is defined as "any information about an identified or identifiable individual or a summary of such information." This includes, but is not limited to, any databases containing personal data of employees, customers and service providers.

Any existing databases must be registered by 1 January 2012. If any new databases are created after 1 January 2012, they may be registered at any time according to registration procedure.

Registration Procedure
To register a database, a company must file an application (pursuant to the form established by law) with the Data Protection Service. The application must include information about the database controller, the name and location of the database, the purpose for processing personal data, the processor(s) of the database (if any) and confirmation that all personal data protection measures provided by law are being followed.

You can find the application form (in Ukrainian) on the official Data Protection Service website.

No other documents (such as lists of individuals, copies of data protection consent forms, descriptions of the data in the database, etc.) are required.

Registration is free of charge, and applications may be filed on the Data Protection Service website (with electronic signature) or sent by mail. If all registration documents are in order, a certificate of registration should be issued within 10 working days.

Consent
Pursuant to the PDP Law, a controller of a database must provide adequate protection for the personal data it receives. Personal data may be received from individuals only with their prior written consent.

Liability
Starting from 1 January 2012, the database controller is subject to both criminal and administrative liability. For example, a company may be fined in the amount of UAH 8,500 to UAH 17,000 for not registering its database.

For more information on the PDP Law or guidance on other data privacy issues in Ukraine, please contact one of the lawyers listed in this alert.

 

KyivPost

InterContinental Kyiv

MEEST America Inc

SigmaBleyzer

Dunwoodie Travel Bureau

Ukraine Business Insight (UBI) - quarterly investment and trade magazine

Ukraine Macroeconomic Report

Corporate Social Responcibility

Ukraine International Airlines

Action Ukraine Report

People First

People First Democracy Watch Bulletin

TBF Investor Setiment Survey

The national center of folk culture “Ivan Honchar Museum”

State Agency for Investment and National projects of Ukraine

UKRAINIAN NATIONAL MUSEUM (CHICAGO)

Nibulon 20 Years! Congratulations!

Ukrainian Agrarian Confederation (UAC)

Ukrainian Agriculture

Express Operators Report

Software Piracy Report

Action Ukraine History Report
Copyright ©2007-2013. All rights reserved. U.S.-Ukraine Business Council. Web development by Olga Design www.Olga-v.com