Overview of Recent Changes in Legislation on Personal Data Protection

On 23 July 2013 the President of Ukraine signed the Law of Ukraine No. 383-VII “On Amendments to Certain Legislative Acts of Ukraine on Improvement of the Personal Data Protection System” (hereinafter – the “Law”). As we informed earlier, the Law was adopted by the Parliament of Ukraine on 3 July 2013 with consideration of […]

On 23 July 2013 the President of Ukraine signed the Law of Ukraine No. 383-VII “On Amendments to Certain Legislative Acts of Ukraine on Improvement of the Personal Data Protection System” (hereinafter – the “Law”).

As we informed earlier, the Law was adopted by the Parliament of Ukraine on 3 July 2013 with consideration of amendments suggested by the President of Ukraine based on the draft law No. 2836 as of 17 April 2013.

The Law will become effective on 1 January 2014.

The Law vests with the Cabinet of Ministers of Ukraine the obligation within three months after the Law becomes effective to ensure the transfer of applications for registration of personal databases submitted prior to the Law becoming effective and the State Register of Personal Databases to the Human Rights Commissioner of the Parliament of Ukraine (hereinafter – the “Ombudsman“).

The Law amends the Code of Ukraine of Administrative Offences (hereinafter – the “Administrative Offences Code“), the Law of Ukraine “On Protection of Personal Data” and the Law of Ukraine “On Ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and the Supplementary Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding Supervisory Authorities and Trans-Border Data Flows”.

It shall be noted that the Law of Ukraine “On Protection of Personal Data” has been considerably liberalized. In particular, the state registration of personal databases has been abolished. Therefore, as of January 2014 personal data owners will not be obliged to register personal databases anymore.

The Law also sets forth that the competent authority for the personal data protection shall be the Ombudsman instead of the State Service of Ukraine on Personal Data Protection. The compliance with the personal data protection laws shall be monitored by the Ombudsman and the courts.

This amendment reflects the European practice in appointing an independent body to be responsible for adherence to the personal data protection laws.

Due to the abolishment of the state registration of personal databases the Law stipulates that the owner of personal database shall inform the Ombudsman about the processing of personal data if such processing constitutes a special risk for rights or freedoms of personal data subjects. It is also stipulated that the Ombudsman determines at his/her own discretion the types of personal data processing constituting a special risks for rights or freedoms of personal data subjects, categories of subjects obliged to notify the Ombudsman, as well as the form and the procedure for submission of such notices. The Law envisages that such information received by the Ombudsman shall be published on the Ombudsman’s webpage.

The amendments introduced by the Law vest in the Ombudsman, in particular, the following powers:

  •  carrying out scheduled and unscheduled field and remote inspections of owners and/or administrators of personal data;
  •  giving instruction to owners and/or administrators of personal data to eliminate discovered violations of the personal data protection laws;
  •  giving recommendations in the area of the personal data protection;
  •  giving suggestions as to development and implementation of the state personal data protection policy;
  •  monitoring new personal data protection practices, trends and technologies.

New provisions of the Administrative Offences Code set forth that protocols on violation of the personal data protection laws shall be composed by representatives of the Ombudsman’s office (instead of the State Service of Ukraine on Personal Data Protection). The article of the Administrative Offences Code stipulating administrative liability for violations in the sphere of personal data protection has been improved, too. In particular, now it provides for liability for non-notification or delayed notification of the Ombudsman on processing of personal data or change of information being subject to notification.

The Law also sets forth that owners of personal data, who at the moment of the enactment of the Law process personal data subject to notification to the Ombudsman, are obliged to notify the Ombudsman respectively within 6 months after the enactment of the Law.

The Law is, undoubtedly, a positive step towards harmonization of the Ukrainian personal data protection legislation with the EU laws.

We will follow the situation with the personal data protection closely and will inform you on any further developments in this sphere.

 

Author: Oleksander Plotnikov
Counsel, attorney-at-law
Arzinger
Kyiv, Ukraine
http://arzinger.ua

    • May 2018
      Mon Tue Wed Thu Fri Sat Sun
      « Apr    
       123456
      78910111213
      14151617181920
      21222324252627
      28293031  
  • IP4all Weekly Bulletin

    You can subscribe to the weekly IP4ALL Bulletin.

  • Recommended videoView all | 

    The new EU trade mark Regulation enters into force on March 23rd. As a result, the Office for Harmonization in the Internal Market (OHIM) will change its name to the European Intellectual Property Office (EUIPO).

    The amending Regulation also revises the fees payable to the Office, including an overall reduction in their amounts, particularly in the case of trade mark renewal fees. On 23.3. 2016, the Office’s online application forms and fee calculator will be automatically updated to reflect the new system.
    From its base in Alicante, Spain, OHIM has processed more than 1.3 million Community trade mark applications in 23 EU languages, from nearly every country and region in the world, since 1996.

    The Amending Regulation was published on 24 December 2015 and is part of the EU trade mark reform legislative package that also includes the replacement of the existing EU Trade Mark Directive (Directive 2008/95/EC of the European Parliament and the Council).

    OHIM is the EU’s largest decentralised agency. It is entirely self-financed, receiving no funding from the EU Budget. As well as managing the Community trade mark and the registered Community design (RCD), it works in collaboration with the EU national and regional IP offices to build a stronger IP system across the EU for the benefit of users.

  • IP Consulting Ltd. - Intellectual Property Consulting Agency
  • Landmark-TP
  • Ivan Georgiev - Rembrand
  • Global IP Attorneys - The world's leading address guide for patent,  trademark, copyright, intellectual property and IP attorneys. In just a few steps you can find your agency for registration and protection of your intellectual property, patent, design, copyright or trademark.
  • The Professional Sector Network is a referral and networking group that caters exclusively to leading firms with a history of excellence in the business, advisory and investment sectors.
  • IP Basis®

  • IP Guide®

  • Become our partners