According to Art 2 of the Law of Ukraine “On Personal Data Protection” dated June 01, 2010 (hereinafter – the Law) personal data is defined as data or a collection of data on a natural person that is or can be clearly identified.
Personal data can be divided into the following categories:
- General personal data (the first name, the last name, date and place of birth, place of living, personal data (age, gender, marital status etc.), family members, education, profession, financial information, electronic identification data, photo or video record about the person, etc.
- Sensitive personal data (racial or ethnic origin, religious beliefs or other beliefs of a similar nature, political and professional memberships, and data connected with health or sexual life).
According to the above mentioned Law any collection of systematized personal data on a natural person that is or can be clearly identified is considered as a Database of Personal Data. Every database of personal data is a subject to state registration by means of entering an appropriate record into the State Register of Databases of Personal Data by the authorized state body in the issues of personal data protection. The Law doesn’t contain any exceptions as for registration of databases of personal data.
The owner of database of personal data takes a decision at his/her own discretion if the collection of personal data on physical persons that he/she owns is a database of persona data or not.
Registration of databases of personal data will help to:
- owners of databases – know and follow the legislation regarding personal data protection;
- subjects of personal data – on the basis of the received information understand if their personal data are saved in the database of a definite company and the categories of such data, correctly form requests and complaints.
- authorized state body in the issues of personal data protection – follow the situation, use the records on the registered databases of personal data for visiting or not visiting audits of the owners and managers of databases of personal data.
The key facts on state registration of databases of personal data
Databases of personal data are registered by the State Service of Ukraine on Personal Data Protection free of charge. Only databases and not the data contained in bases are subject to registration. Databases are registered by means of filing the filled in standard application. A correspondent certificate is issued within 10 working days. Only the owner of the database has the right to register it.
Registration of databases of persona data and making changes into the State Register of databases on personal data is processed in accordance with:
- the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 # 2297-VI,
- Provision of the Cabinet of Ministers of Ukraine dated 25.05.2011 # 616,
- the forms and due to the Order on submitting applications on registration of databases of personal data and on making changes to the State Register of databases of personal data that are approved by the order of the Ministry of Justice of Ukraine dated 08.07.2011 # 1824/5.
All databases of personal data both in electronic or file forms in which personal date are being processed, irrespective of the volume and the way of its usage are subject to registration. A separate application is filed for every separate database of personal data.
To register a database, a company must file an application pursuant to the form established by the law with the authorized Data Protection Service.
The application on registration of database must contain information about the database owner and managers of databases, information about the database and its location, and confirmation that all personal data protection measures provided by law are being followed.
Any existing databases of personal data must be registered by January 01, 2012.
In case of any changes in database of personal data the owner of database is obliged to inform the authorized state body in the issues of personal data protection not later than 10 working days from the day of the change by filing the application on making the changes into the State Register of Databases of Personal Data. Application is filed in the paper form (together with the electronic copy of the application) or in the form of a digital document sent to the email address firstname.lastname@example.org according to the law of Ukraine “On Electronic Documents and Electronic Documents Circulation” and “On digital signature”.
Responsibility for Violations of Personal Data Protection
For violation of the law “On Personal Data Protection” criminal, administrative and civil responsibility is foreseen.
Administrative responsibility for violation of personal data protection will be for:
- Fail to submit (or not timely) information of the legal entity about the rights in connection with the including personal data to databases, the purpose of collection of such data and persons who will manage data.
- Fail to submit (or not timely) information of the State authority regarding the change of the data that have been filed for registration at the database of personal data.
- Evasion of registration of databases of personal data.
- Failure of confidentiality of information saved in databases of personal data that led to unauthorized access to them.
- Failure to keep to the demands of the State authority on elimination of violation of legislation.
In case of questions of comments regarding the above mentioned changes, don’t hesitate to contact us. You can find contact information in the attached PDF-document.