The issue of personal data protection is directly related to the realization of the right to privacy and the right to be forgotten. In connection with the development of information technology and interest in human rights, it became necessary to establish clear rules regarding personal data.
In 2016, after a series of shameful leaks of personal information, from which major participants in the IT market and public figures have suffered, as well as the constitutional rights of citizens of the United States and the EU, a global decision was made on the extraterritoriality of the provisions of the protection of personal data. This means that the company must comply with the personal data processing rules of citizens of the country where the such acts have been adopted, regardless of the place of registration of the company.
Protection of personal data – a set of technical, organizational and legal measures aimed at protecting information about an individual (personal data subject)
The presence of various acts in the field of personal data protection creates a considerable hassle for companies that operate simultaneously in different markets. For example, a Ukrainian online store sells goods and services to EU and US citizens. In this case, the company must adapt to the requirements of the General Data Protection Regulation (GDPR), as well as acts adopted in individual US states (CCPA, DOPPA, Nevada amendment to Security of Personal Information statute, and others). The difference between these documents lies in the scope, territorial jurisdiction, approaches to determining personal data, grounds for the processing, the procedure for processing personal data of minors, and liability for violations.