Information is normal

Ukraine is planning to become a member of the European Union in foreseeable future, and therefore changes its legislation and implements reforms with a view to meet the requirements of this association, and in particular in the field of personal data protection, as well as honor, dignity and business reputation.


General Regulations


It happened on May 25, 2018, that the General Regulations for the Protection of Personal Data (GDPR) entered into force.  This document is primarily aimed at the protection of personal data, the unification of regulatory legal acts of the countries – participants of the European Union and the refutation of unreliable information.  The main features of the document include the comprehensive regulation of the collection, processing and protection of personal data, high fines for violating the law, as well as the extraterritorial principle of its operation.


GDPR is a universal tool that helps to interact with one other not only individuals, companies and various government agencies, but also dozens of states, it is done with a view to protect the personal data of EU citizens and all those whose personal data will be collected, processed and used in the EU.


This regulation can be applied to natural persons and legal entities that have been registered both in the European Union and outside it, if they perform actions to collect, process and use information in relation to EU citizens or foreign citizens located in the European Union.


These legal entities include:


1) information and news web resources registered both in EU member states and in other countries that in any way collect, process and use personal data of persons;


2) online stores, which can be registered in the EU or beyond, but provide services in the language and for the currency of the country participating in the European Union;


3) manufacturers of applications for various devices, which are forced to collect and process personal data of users  with a view to provide full functioning of their products.


I would like to pay special attention to Article 6 (legitimacy of data processing) and Article 10 (processing personal data on record of convictions and criminal offenses) GDPR.


Article 6 states that the processing will be considered legal, only if one of the requirements is met, namely:


— the data processing entity has given its consent to the processing of personal data for one or several special purposes;


— processing is necessary to fulfill the contract to which the processing data subject claims to be a party;


— processing is necessary to protect the vital interests of the processing data legal entity or other  individual;


Article 10 provides that the processing of personal data on record of convictions and criminal offenses is done on the basis of Article 6 and only under supervision of an official body, or if processing is permitted by the legislation of the European Union or a Member State, which provides for appropriate guarantees of the rights and freedoms of the processing data legal entity.


Thus, if information about a person was obtained without complying with the above-said rules, then that person has the right to apply:


— to the owner of the website, the registrar with a view to delete personal data obtained in violation of applicable laws, as well as publications or news in which such data could be used;


— to the relevant authorities of a European Union Member State with a view to protect personal data, as well as honor, dignity and business reputation, if such data were used in publications discrediting honor, dignity and business reputation.


GDPR in Ukraine


We should also mention the administrative fines that can be imposed for various violations related to personal data, in accordance with the GDPR equal 20 million euros, or 4% of the company’s total global annual turnover for the previous fiscal year, depending on what amount prevails.  However, these values ​​may vary depending on the legislation of a particular EU member state or the property status of a person.


With regard for Ukraine, an administrative fine for violations related to the collection, processing or use of personal data may be imposed in the amount of up to 34,000 UAH.


In addition, I would like to note that companies that collect, process and use personal data of individuals on their own web resources should indicate their “contacts”, the purpose of collecting and processing information, which, in the event of a violation, will allow to file a lawsuit against a specific person.


In Ukraine, some websites that are engaged in the collection, processing and use of information do not indicate contact details or information necessary to file a claim or a lawsuit to the court in case of improper use or dissemination of information.


Under the circumstances, the main option of protection is to apply to the court with a statement to establish the legal fact of the inaccuracy of information posted on the Internet, but such a statement does not help solving the problem, since the owner and editorial staff of the web resource can continue to collect, process and distribute personal data without the consent of the person.


If we talk about compliance with the legislation according to GDPR, then companies registered in the European Union do not ignore the requirements for GDPR as regards deleting personal data obtained in violation of the law, giving such requests high priority.


We convinced ourselves of this when, using the GDPR, we submitted requests to various registrars and registrants registered in the territory of the European Union.  Our requirements with regard for deleting information that was not properly received and processed were satisfied, and publications containing information obtained in violation of the GDPR were deleted.


The GDPR is a useful tool of the European Union that can be applied to companies registered both in the EU and beyond, if they perform activities in the form of collecting, processing and using personal data of various persons in the European Union.  Borrowing some of the rules of GDPR into Ukrainian legislation could help improve the regulation of the collection, processing and use of personal data of Ukrainian citizens by changing the Ukrainian legal norms in respect of fines for violating legislation on the protection of personal data, and citizens, in turn, would receive new opportunities in the use of their personal data.

Fedir Hrybovskyi, lawyer of Dynasty Law Firm

Especially for the newspaper “Legal Practice”:



Publications 10 May, 2019

Write a comment

Ваш электронный адрес не будет опубликован

1 × 5 =