GDPR in Ukraine: legal advice
03/08/20 | ||
Author: Volodymyr Gurlov Legal services in Ukraine: Protection of intellectual property rights in Ukraine |
Developing your business properly, most often you get the task of entering the international market. If your business is located in Ukraine, and you see European countries as the market - you will need to take into account the requirements of European legislation regarding the processing of personal data. Both to protect yourself from possible liability and to create your own positive "image".
On 25.05.2018, the General Data Protection Regulation, also known as the GDPR, came into force. Further on, we will tell you how and what this has affected.
Related article: How to protect Your brand?
Who should implement the GDPR in his activities?
The task of the GDPR is to regulate the processing and protection of personal data within the European Union and the European Economic Area (EU/EEA), as well as their export outside of these territories.
The GDPR applies not only to enterprises resident in the EU/EEA, but also to enterprises in other countries, in several cases.
Case 1. If there is an office or employees within the EU/EEA (a so-called organizational unit or an establishment).
In this case the GDPR will only apply to the processing of data that are related to the activities of the mentioned organizational units, regardless of whether the processed data belong to persons from the EU/EEA or from other countries.
For example, the national manufacturer of a product must comply with the GDPR, for example, if he contacts the European partner company to advertise such products, but only with regard to those data that are related to the activities of the partner company (European customers, office employees, etc.).
Case 2. If the company is located outside the EU/EEA, but offers goods and services to citizens of EU/EEA countries.
In such a situation simply the possibility of the access of the above mentioned persons to sites, applications or other resources where one can get goods/services does not oblige the enterprise to use the GDPR yet.
The GDPR has to be used if the product is initially oriented to European users.
Which may indicate:
- The top-level domain of the site is registered in one of the EU countries;
- payment acceptance is in euros;
- the application is available in EU languages;
- delivery points are available in EU/EEA countries, etc.
Case 3. If a company monitors customers from the EU/EEA.
For example, if a company collects data from Europeans for further use in its operations, if the company is aware that the data belongs to persons from EU/EEA countries.
For example:
- obtaining information on the Customer's geolocation;
- research of Clients' preferences regarding goods and services, if it is carried out on the basis of personalized "profiles" of Clients;
- collection of cookies, etc.
Interesting: Business related to e-commerce in Ukraine
Why do the GDPR requirements have to be fulfilled?
Failure to comply with the requirements of the GDPR (where applicable) may result in a penalty: 4% of the company's annual turnover and up to 20 million euros.
On the other hand, even if you are not obliged at the moment to use the GDPR, the following benefits can be obtained from the data processing according to his rules:
- strengthening the "HR brand" and attracting highly qualified employees;
- attracting contractors from the EU/EEA;
- attraction of European investors, etc.
How is GDPR implementation going on in the enterprise?
The implementation of GDPR is carried out through the development and mandatory implementation of a number of special procedures related to data collection, storage, etc. The specific procedure for such implementation depends on the type of activity of the enterprise and its other characteristics.
In any case, the reputation of the enterprise, which implements the requirements of GDPR, will have competitive advantage as in the European market, as well as in the markets of Ukraine and other countries.
Our lawyers can help you with the development of all necessary programs and implementation of the GDPR at your enterprise.