
GDPR: General Data Protection Regulation

August 12, 2020 · 3 min read

Do Ukrainian companies need to comply with the EU GDPR regulation

On 25 May 2018 the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016, or GDPR) entered into force. This regulation, which has direct effect in all 28 EU member states, will replace the framework Data Protection Directive 95/46/EC of 24 October 1995.

Any business, regardless of jurisdiction, must comply with the regulation if it processes the data of EU residents. The requirements cover storing data in anonymised and encrypted form; the data must be protected.

In case of a data breach, regulatory authorities must be notified within 72 hours. GDPR has extraterritorial effect and applies to all companies that process personal data of EU residents and citizens, regardless of the location of such a company.

Naturally, branches and representative offices of Ukrainian, Russian, and other organizations in the EU will have to comply with the new requirements.

What companies are obliged to do based on GDPR scope requirements

  1. Ensure they have secure systems to protect individuals' data from cyber attacks and other possible attacks related to accidental data loss. If data is transferred between firms, it must be encrypted, and the risk of data loss must be minimized.
  2. Be able to identify, and partially or completely delete, all data related to an individual if that individual requests its deletion. For example, when an individual leaves employment, they can now request that all data related to them (with some exceptions), including photographs, be permanently removed from local drives and at the network level.
  3. Prove that stored individual data is used only for its intended purpose.

In addition, for companies processing personal data, GDPR introduces new concepts such as the DPO (data protection officer) and the representative.

DPO (data protection officer) – an officer responsible for data protection who, in some cases, must be appointed within a company that processes personal data.

Representative – a mandatory representative (a natural or legal person) who represents, before local data protection authorities, the interests of companies that are not registered in the European Union and have no branch or representative office there.

The GDPR text also contains many other requirements; studying and applying them will help companies avoid risks in the future.

What are the penalties for non-compliance with GDPR requirements

To appreciate the importance of this innovation: penalties for non-compliance or serious violation of the regulation are significant and can amount to up to 4% of a company's turnover or up to 20 million euros (whichever is greater).

The provisions of GDPR apply to all companies without exception; however, IT companies that conduct their business over the Internet should pay the closest attention, since their activities involve personal data more heavily than those of any other companies.

If you have questions for a lawyer in connection with the entry into force of GDPR, call us at +38 (044) 4928716 or write to hello@uhy-prostir.com.
We will be happy to help you.