Ukraine
third parties are obliged to ensure personal data protection from accidental loss or destruction, and from illegal processing, including illegal destruction or access to personal data. The data controllers and processors take measures to maintain the security of personal data in all stages of their processing, including organisational and technical measures. They independently determine the list and composition of security measures, taking into account the requirements of the legislation and informational security. The organisational measures include: establishment of a data access procedure for employees of data controllers/processors; establishment of the procedure for recording operations related to personal data processing and access to them; elaboration of an action plan in case of unauthorised access to personal data, damage to technical equipment, or emergencies; regular training of employees working with personal data. Technical security measures are taken, in particular, to exclude unauthorised access to personal data and ensure the proper working of the technical and program means through which the personal data is processed. Data controllers and processors processing Special Risk Data are
obliged to (1) create/define a structural unit or responsible person for organising the work related to personal data protection during its processing and (2) notify the Commissioner about such unit/person. 5.5. Disclosure, sharing and transfer of data Sharing of personal data is allowed according to the data subject's consent or in cases specified by law and only (if required) in the interests of national security, economic welfare, human rights and for conducting the all-Ukrainian population census. The data controller shall notify the data subject of the personal data transfer to a third party within ten working days if required by the conditions of his/her consent or otherwise not provided for by law. The specified notifications are not made in the case of: transfer of personal data upon requests made within the performance of the tasks of law enforcement intelligence or counterintelligence, anti- terrorism activities; exercise by state and local authorities of their powers provided for by law; personal data processing for historical, statistical or scientific purposes;
https://www.peterkapartner s.com/en/local/kyiv/
Made with FlippingBook - PDF hosting