The right to privacy is one of the guaranteed constitutional human rights (Article 32 of the Constitution of Ukraine). Personal data protection, in turn, is its integral part. In Ukraine, legal relations related to the processing of personal data are governed by the Law of Ukraine “On the Protection of Personal Data”.
The protection of personal data in Ukraine is a very complex issue. High-profile scandals and criminal cases involving leaks of personal data implore us to pay attention to the legal and technical side of the processing of information about individuals
The law of Ukraine does not contain an exhaustive list of data that are classified as personal, which is natural. Currently, personal data can be recognized according to three criteria:
Processing is any action or set of actions, such as collection, registration, accumulation, storage, adaptation, change, renewal, use and distribution, sale, transfer, depersonalization, destruction of personal data, including using (automated) information systems.
There is a category of particularly sensitive data, the processing of which is prohibited. In particular, this is the data on racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, the imposition of criminal penalties, as well as data related to health, sexuality, biometric or genetic data.
Of course, there are exceptions to any rule. For example, if the processing is carried out in the presence of an unambiguous consent of an individual for such processing, or this data was clearly published by the subject of personal data, the above prohibition does not apply.
The subjects of legal relations related to personal data are:
The owner of personal data is a natural or legal person who determines the purpose of processing personal data, establishes the composition of this data and procedures for their processing. The owner can process personal data both independently and entrust it to the manager based on a written agreement.
A personal data controller is a natural or legal person who is authorized by the owner of personal data or by law to process this data on behalf of the owner.
The first thing a company must do before processing personal data is to develop internal documentation
Internal documentation defines the purposes, grounds for data processing, the category of personal data subjects, the composition of the data, and the processing procedure. It is equally important to comply with the principles of processing in the process of implementing an IT project, which also requires legal expertise.
At this stage, without the help of qualified lawyers, it is easy to make mistakes, which in the future can cost a lot of money, nerves, and even brand reputation. We recommend avoiding unjustified risks and immediately contacting VigoLex specialists for help.
