Secured integration to the future

European Regulation and Best Practices on Personal Data Protection

14.02.2025

The Association Agreement between Ukraine and the European Union (EU) underscores the importance of aligning Ukraine's legal framework with EU law.
As part of this process, Ukraine is progressively harmonizing its legislation to meet European standards. In this context, it is essential to examine the EU’s regulatory framework on personal data protection.
The General Data Protection Regulation (GDPR) governs the processing and protection of personal data within the EU. 
Formally titled the Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, the GDPR is an internal EU regulation. 
However, its extraterritorial scope extends to specific cases: it applies when a non-EU entity offers goods or services to EU residents and, in doing so, processes, stores, or transfers their personal data.
Since it came into force, the Regulation has significantly reshaped personal data protection practices, encouraging compliance through stringent enforcement mechanisms. Sanctions for non-compliance range from warnings to substantial administrative fines, which may amount to:
• Up to €10,000,000 or, for enterprises, up to 2% of their total annual turnover from the previous financial year;
• Up to €20,000,000 or, for enterprises, up to 4% of their total annual turnover from the previous financial year.

Under the GDPR, personal data encompasses any information relating to an identified or identifiable natural person (the data subject). The Regulation mandates that personal data must be processed and protected in line with the following principles:
• "Lawfulness, Fairness, and Transparency." Personal data must be processed in a lawful, fair, and transparent manner with respect to the data subject;
• "Purpose Limitation." Data must be collected and processed for specified, explicit, and legitimate purposes. Further processing must be consistent with these original purposes;
• "Data Minimization." Only the minimum amount of data necessary to fulfill the intended purpose should be collected;
• "Accuracy." Data must be accurate and kept up to date to maintain relevance; incorrect or outdated data must be deleted;
• "Storage Limitation." Data must be retained only for as long as necessary to fulfill the processing purpose;
• "Integrity and Confidentiality." Data must be processed in a way that ensures appropriate security and protection from unauthorized or unlawful processing, damage, or destruction;
• "Accountability." Data controllers must comply with these principles and be able to demonstrate their compliance.

It is also pertinent to mention that under Article 9 of the Regulation, processing personal data relating to political opinions, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, and health is prohibited. However, exceptions apply, such as:
• The data subject has explicitly consented to the processing.
• The data has been publicly disclosed by the data subject.

The GDPR also defines the roles and responsibilities of the key parties in personal data processing:
• Data subject – A natural person who can be identified, directly or indirectly, through identifiers such as a name, identification number, location data, or online identifier, or through one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
• Controller – A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processor – A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

To ensure compliance, the GDPR mandates supervisory and oversight bodies, including:
• Data Protection Officers (DPOs) – Responsible for monitoring GDPR compliance within an organization.
• European Data Protection Board (EDPB) – Provides guidance on GDPR interpretation and resolves disputes between national supervisory authorities.
• European Data Protection Supervisor (EDPS) – Oversees GDPR compliance within EU institutions and bodies.

In cases where conflicts or ambiguous interpretations of the Regulation's provisions arise, the European Data Protection Board provides clarifications.

Ensuring GDPR compliance requires formalizing and developing key documents, such as privacy notices, data processing agreements, and internal policies, to ensure transparency and compliance. Organizations must also implement mechanisms for handling data subject requests, including access, rectification, erasure, and data portability. At the same time, GDPR is not just about documentation: it is a comprehensive approach that includes technical infrastructure, cybersecurity safeguards, and employee training to ensure data protection.

The path to GDPR compliance is complex and resource-intensive, requiring engagement from C-level executives, legal professionals, data protection officers, IT teams, and compliance specialists. However, a robust GDPR strategy not only mitigates financial and reputational risks but also facilitates trust-building and business expansion within the EU market.

IT Specialist - secure integration into the future.

Author: Dmytro Chub, Director of Business Process Automation, Integration, and Audit