Digital Policy Alert logo

Ukraine: Introduced Personal Data Protection Law

Policy overview

Description

Introduced Personal Data Protection Law

The Personal Data Protection Law is introduced in the Ukrainian Parliament. The draft law introduces the grounds for the lawful processing of personal data and the safety and design requirements for data controllers. Additionally, the law introduces the definitions of various terms related to the treatment of personal data. Moreover, the law introduces various data subjects rights: to access personal data, to receive a response about personal data storage, to provide the request for change or destruction of personal data, to withdraw the consent to personal data processing, to data portability, and to be informed about automated processing of personal data. Finally, the law specifies the criteria to pursue data transfers with foreign countries.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2021-06-07
under deliberation

The Personal Data Protection Law is introduced in the Ukrainian Parliament. The draft law introduce…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Any
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
Risk or other impact assessment requirement
User right to portability of personal data
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Responsive security requirement
Sanctions
Fine
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
Risk or other impact assessment requirement
User right to portability of personal data
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Responsive security requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data (all forms): data processing
Regulatory tool
Risk or other impact assessment requirement
User right to portability of personal data
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Responsive security requirement
Purpose/processing limitation
User notification requirement
User consent: Opt-in requirement
Sanctions
Fine
Regulated subjects
1
algorithm: ML/AI optimisation algorithm incl. matching, ranking, sorting: operate
Regulatory tool
Sanctions
Fine
Regulated subjects
1
personal data (all forms): transfer: cross-border
Regulatory tool
Adequacy decision requirement
Sanctions
Fine
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): storage (any form)

personal data (all forms): data processing

algorithm: ML/AI optimisation algorithm incl. matching, ranking, sorting: operate

personal data (all forms): transfer: cross-border