Law on personal data protection at first hand” panel discussion was conducted on February, 1st

Law on personal data protection (came into force on January 1^st, 2011) is rather framework of normative acts than the "real" law and needs to be completed with additional normative acts. Until norms explaining peculiarities of Law’s implementation are ready state authority representatives shared their comments on how not to break the given Law.

Vladimir Kosak, Chairman Deputy of State Office on Personal Data Protection, provided actions companies or databases containing personal data owners had to conduct to comply with Law’ orders. According to him one had:

• to create personal data databases department controlling ongoing operations
• to identify employees directly processing personal data
• to determine list of databases used in a company
• to receive consent on data processing from personal data owners

Yet, Taras Kachka, Director First Deputy of State Department on Legislation Adaptation of Ukrainian Justice Department, informed that companies concerns regarding sanctions for law breaking coming into force before expository legal documents are not really justified. Draft legislation stating criminal and administrative liability even though is included in agenda, is going to be adopted only in the first reading and sent for further follow-up revision. "It is far from being adopted in whole" – said Mr. Kachka.

The other Law’s requirement concerning business owners is obligatory written notification of personal data owner about their data being included in data base. Business representatives are convinced that for big retail chains implementation of such requirement would be very costly. On the other hand Ukrainian Justice Department representatives say that this requirement is easy to implement by simply including written notification in regular advertising news letters sent by most of the big retail chains.

Source: news.liga.net