Personal Data Protection Law - Ukraine
The Trust Challenge

Key Obligation and Consequences

Ukraine personal data protection law applies to “personal databases” which are compilations of personal data recorded in either electronic or manual form. Sometimes personal data can be compiled outside databases and still fall in the scope of the Data Protection Law.

The Data Protection Law requires obtaining the consent of data subjects for the processing of their personal data. According to the PDP law, the consent of the data subject means the voluntary and intentional expression of will of the data subject to the processing of personal data for the identified purposes, expressed in writing or in some other form.

The data owners and processors must take appropriate technical and organizational measures to ensure the protection of personal data against unlawful processing, including against loss, unlawful or accidental elimination, and also against unauthorized access.

The Trust Challenge

Key Challenges in brief:

Personal data may be transferred abroad based on one of the following grounds:

  • Unambiguous consent of the personal data subject
  • Cross-border transfer is needed to enter into or perform a contract between the personal data owner and a third party in favor of the data subject
  • Necessity to protect the vital interests of the data subject.
  • Necessity to protect public interest, establishing, fulfilling and enforcing of a legal requirement.
  • Non-interference in personal and family life of the data subject, as guaranteed by the data owner.

The PDP Law does not require notification of personal data security breaches, but data subjects should be informed about any amendment, deletion, or destruction of their personal data within ten business days.

Here are the key rights guaranteed by Ukraine PDP law.

  • Right to restrict the processing of their personal data.
  • Right to withdraw consent in relation to the processing of their personal data.
  • Right to introduce limitations as regards rights on their personal data processing while giving the consent.
  • Right to know the mechanics of the automated processing of personal data.
  • Right to be protected against automated decisions that have legal effect.
Win-Win Situation

Solutions

TurtleShield PA (Privacy Automation) automates and streamline privacy-related processes and tasks. PIAs and DPIAs aim to enhance privacy practices, ensure compliance with applicable privacy laws and regulations, and protect sensitive information. Overall, a privacy automation solution simplifies and streamlines privacy management processes, reducing the risk of non-compliance and improving data protection practices.

Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments. TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Often there are silos within entities or business and IT teams and it is challenging to get a full picture of data going outside organization and which is coming into organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, to facilitate you to take action on it.

TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to data minimization principle. This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets to scan for excess data using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data and legal cost of having it with respect to regulatory compliance.

With TurtleShield RTBF (Right to Be Forgotten) provides the businesses the capabilities to comply with mandatory deletion of personal data by providing the capabilities to delete the data on request along with the validation of the deletion.

Search capability in large datasets to fulfill data subject requests in totality and at rapid space. Assumption that data only exists in databases and nowhere else is often not reality as customer data exists in many sources. Using Machine learning and AI we crawl across data sources and predict where PII can exist.

TurtleShield CM is the solution designed to help in enabling consent compliance within your organization involves implementing processes, technologies, and policies that ensure you collect and manage user consent in a way that aligns with applicable data protection regulations and industry best practices. It also helps in enabling consent management in 22 regional languages.

The Trust Challenge

Key Obligations & Consequences

Pointer

Applicability:

Ukraine personal data protection law applies to “personal databases” which are compilations of personal data recorded in either electronic or manual form. Sometimes personal data can be compiled outside databases and still fall in the scope of the Data Protection Law.

Pointer

Duties of data processor:

The Data Protection Law requires obtaining the consent of data subjects for the processing of their personal data. According to the PDP law, the consent of the data subject means the voluntary and intentional expression of will of the data subject to the processing of personal data for the identified purposes, expressed in writing or in some other form.

Pointer

Data Processor:

The data owners and processors must take appropriate technical and organizational measures to ensure the protection of personal data against unlawful processing, including against loss, unlawful or accidental elimination, and also against unauthorized access.

The Trust Challenge

Key Challenges in brief:

Pointer

Cross Border Data Transfer

Personal data may be transferred abroad based on one of the following grounds:

  • Unambiguous consent of the personal data subject
  • Cross-border transfer is needed to enter into or perform a contract between the personal data owner and a third party in favor of the data subject
  • Necessity to protect the vital interests of the data subject.
  • Necessity to protect public interest, establishing, fulfilling and enforcing of a legal requirement.
  • Non-interference in personal and family life of the data subject, as guaranteed by the data owner.
Pointer

Data Breach Notification

The PDP Law does not require notification of personal data security breaches, but data subjects should be informed about any amendment, deletion, or destruction of their personal data within ten business days.

Pointer

Fulfillment of Data Subject Rights

Here are the key rights guaranteed by Ukraine PDP law.

  • Right to restrict the processing of their personal data.
  • Right to withdraw consent in relation to the processing of their personal data.
  • Right to introduce limitations as regards rights on their personal data processing while giving the consent.
  • Right to know the mechanics of the automated processing of personal data.
  • Right to be protected against automated decisions that have legal effect.
Win-Win Situation

Solutions

Pointer

Privacy Process Automation: TurtleShield PA (Privacy Automation) automates and streamline privacy-related processes and tasks. PIAs and DPIAs aim to enhance privacy practices, ensure compliance with applicable privacy laws and regulations, and protect sensitive information. Overall, a privacy automation solution simplifies and streamlines privacy management processes, reducing the risk of non-compliance and improving data protection practices.

Pointer

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Pointer

Third party Privacy Intelligence (monitors third party sharing): Often there are silos within entities or business and IT teams and it is challenging to get a full picture of data going outside organization and which is coming into organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, to facilitate you to take action on it.

Pointer

Data Minimization: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to data minimization principle. This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets to scan for excess data using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data and legal cost of having it with respect to regulatory compliance.

Pointer

Right to be Forgotten (RTBF) with Assured Deletion: With TurtleShield RTBF (Right to Be Forgotten) provides the businesses the capabilities to comply with mandatory deletion of personal data by providing the capabilities to delete the data on request along with the validation of the deletion.

Pointer

Enable Data subject rights with cost savings and compliance in totality: Search capability in large datasets to fulfill data subject requests in totality and at rapid space. Assumption that data only exists in databases and nowhere else is often not reality as customer data exists in many sources. Using Machine learning and AI we crawl across data sources and predict where PII can exist.

Pointer

Consent Management: TurtleShield CM is the solution designed to help in enabling consent compliance within your organization involves implementing processes, technologies, and policies that ensure you collect and manage user consent in a way that aligns with applicable data protection regulations and industry best practices. It also helps in enabling consent management in 22 regional languages.

Featured News & Blogs

Be the first to catch our latest updates,
happenings and more.

Follow us