O F F I C I A L    W E B - S I T E

Home Site Map Date: 18.11.2019
eng
President
of Ukraine
Verkhovna
rada of Ukraine
Government
portal
 : : Legal Framework
2010-06-01 00:00:00  Print Version



 

As of 15 August 2014

 

LAW OF UKRAINE

ON PROTECTION OF PERSONAL DATA

 

Article 1. Scope of the Law

 

This Law regulates legal relations concerning protection and processing of personal data and aims to protect the fundamental human and citizens rights and freedoms, particularly the right to privacy in relation to the processing of personal data.

 

This Law applies to personal data processing activities performed, fully or partially, by automated means, as well as to processing of personal data stored in a file folder or assigned to be included in it, with the use of non-automated means.

 

Article 2. Definitions

 

The following definitions are used in the present Law:

 

- Base of personal data (personal database) means a named aggregate of organized personal data in electronic form and/or in a form of a filing system;

 

- Controller of personal data means a natural or a legal person that decides what should be the purpose of the personal data processing, what personal data should be stored and what processing operations should be applied to them, unless otherwise stipulated by the law;

 

- Personal data subjects consent means a voluntary declaration of will by an individual provided he or she has been properly informed, to grant permission to process his/her personal data in accordance with the purpose of processing stated in a written or any other form that allows to conclude that the permission has been granted; In the field of electronic commerce the consent of the personal data subject should be given within the registration as the electroinic commerce subject in the informational and telecommunication system by ticking off his/her permission to process personal data in accordance with the purpose of processing under condition that the sytem does not provide for an opportunity to process personal data until the permission is ticked off by the personal data subject.

 

- Depersonalization of personal data means withdrawal of information that allows to directly or indirectly identify a person;

 

- Filing system means any structured set of personal data which are accessible according to specific criteria whether centralized, decentralized, or dispersed on a functional or geographical basis;

 

- Processing of personal data (hereinafter referred to as processing) means any operation or set of operations such as collection, registration, accumulation, storage, adaptation, alteration, updating, use and dissemination (distribution, sale, transfer), depersonalization, destruction of personal data which in particular may involve the use of information (automated) systems;

 

- Recipient means a natural or legal person, including a third party, to whom personal data are disclosed;

 

- Personal data mean information or aggregate information about a natural person who is identified or may be identified;

 

- Processor of personal data means a natural person or legal entity that obtained the right to process such data on behalf of the controller of personal data or according to the law;

 

- Personal data subject means an individual whose personal data are processed;

 

- Third person means any person, except a personal data subject, controller or processor of personal data and the Ukrainian Parliament Commissioner for Human Rights, to whom controller or processor of personal data transfers these data according to legislation.

 

Article 3. Legislation on protection of personal data

 

Legislation on protection of personal data consists of the Constitution of Ukraine, this Law, other laws and subordinate legislation, international treaties which were approved as binding by the Verkhovna Rada of Ukraine.

 

Article 4. Subjects of relations connected to personal data

 

1. The subjects of relations connected to personal data are as follows:

 

- Personal data subject;

 

- Controller of personal data;

 

- Processor of personal data;

 

- Third person;

 

- Ukrainian Parliament Commissioner for Human Rights (hereinafter referred to as
the Commissioner);

 

2. State enterprises, institutions and organizations, irrespective of the form of their ownership, bodies of state power or local self-government, private entrepreneurs who process personal data in accordance with the legislation, may be controllers or processors of personal data.

 

3. The processor of personal data owned by a body of state power or local self-government, besides this body, may be only a legal entity of state or communal ownership which acts in the sphere of administration of such a body.

 

4. A personal data controller may authorize personal data processor to process personal data in accordance with a contract executed in writing.

 

5. A personal data processor may process personal data solely for the purpose and to the extent established by the contract.

 

Article 5. Objects of protection

 

1. The objects of protection are personal data.

 

2. Personal data can be refered to classified information about a person by law or by a relevant person. Personal data relating to the exercising by a person, who holds the position associated with fulfillment of functions of the state or local self-government, his or her official or service authorities is not a classified information.

 

3. Personal data referred to in the declaration of assets, income, expenses and financial obligations issued under a form and in a manner established by the Law of Ukraine On Principles of Prevention and Combating Corruption is a non-classified information, except for data determined by the Law of Ukraine On principles of Prevention and Combating Corruption.

 

Information about obtaininig in any form of budget funds, state or communal property by an individual is not a restricted information, except for cases provided for by Article 6 of the Law of Ukraine On access to public information.

 

A law may prohibit referring other information that are personal data to restricted information.

 

Article 6. General requirements with regard to personal data processing

 

1. The purpose of personal data processing must be clearly formulated in laws and other subordinate legislation, regulations, constitutive or other documents that regulate activity of the controller of personal data, and conform to legislation on personal data protection.

 

Personal data processing shall be conducted openly and transparently with means and in a manner that correspond to the defined purposes of such a processing.

 

In case the purpose of personal data processing changes and is not compatible with the prior one, in order to conduct further processing of the data the controller of personal data shall obtain a permission of the subject of personal data for processing of his/her personal data according to the new purpose, unless otherwise stipulated by the law.

 

2. Personal data shall be accurate, authentic, and updated where necessary with regard to the purpose of data processing.

 

3. The composition and content of personal data shall be appropriate, adequate and non-excessive with regard to the purpose of their processing.

 

4. Primary sources of information about an individual shall be the documents issued in this persons name; documents signed by the person; information which the person provides about himself/herself.

 

5. Processing of personal data shall be conducted for specific and legal purposes, determined by the

consent of personal data subject or, in certain cases, provided for by laws of Ukraine, in a manner prescribed by the legislation.

 

6. Processing of data about an individual that is a classified information shall be prohibited without such persons consent, except for the cases stipulated by laws of Ukraine and only in the interests of national security, economic welfare and human rights.

 

7. In case it is necessary to protect vital interests of the personal data subject, his or her personal data may be prossesed without his or her consent until the moment it is possible to obtain such a consent.

 

8. Personal data shall be processed in the form that permits identification of a natural person whom they concern, within the term no more than it is necessary according to the legal purpose with regard to which they were collected and processed.

 

Further use of personal data with historical, statistical or scientific purposes may be conducted only if they are properly protected.

 

10. Typical order for the processing of personal data in databases shall be approved by the Commissioner.

 

Article 7. Particular requirements with regard to processing of personal data

 

1. The processing of personal data shall be prohibited if such data are about racial or ethnic origin, political views, religious or other convictions, membership in political parties and trade unions, criminal record as well as if data relate to health or sexual life, biometric or genetic information.

 

2. Provisions of paragraph one of this Article shall not apply if processing of personal data:

 

1) is conducted in case the personal data subject gives a univocal consent to the processing of such data;

 

2) is necessary for exercising rights and fulfilling duties of controller of personal data in the sphere of labor legal relations according to the law with ensuring the relevant protection;

 

3) is necessary for protection of the vital interests of the personal data subject or any other person in case of incapability or limitation of civil capability of the personal data subject;

 

4) is carried out with a relevant protection by religious or civil society organization of world outlook orientation, a political party or trade union, established according to the law, if such processing concerns only personal data of members of these associations or persons who are in constant contact with them with regard to the nature of their activities, and if personal data are not transferred to the third person without consent of the personal data subjects;

 

5) is necessary for substantiation, satisfaction or protection of a legal claim;

 

6) is necessary for the purposes of health protection, diagnostic opinion, provision of care or medical treatment or medical services on condition that such data are processed by medical staff or another person of a health care institution which has liabilities with regard to guaranteeing protection of personal data and is subject to legislation on medical confidentiality;

 

7) concerns court sentences, performance of tasks of operational and search or counterintelligence activities, fight against terrorism by a state body within its jurisdiction defined by the law;

 

8) concerns data that were clearly disclosed by the personal data subject.

Article 8. Rights of Personal Data Subject

 

1. Personal non-property rights to personal data that each individual is entitled to are inalienable and inviolable.

 

2. The personal data subject shall have the right to:

 

1) know about the sources of collection, location of his/her personal data, purpose of their processing, location and/or place of residence (temporary residence) of the controller or processor of personal data, or to issue a respective proxy on obtaining such information to the authorized persons, except for cases established by the law;

 

2) receive information on conditions of access to personal data, in particular information about third persons his/her personal data are transferred to;

 

3) access to his/her personal data;

 

4) receive a response with regard to whether his/her personal data are processed as well as to receive information on the content of his/her personal data within the period that is no longer than 30 days since the moment the relevant request was received, unless otherwise prescribed by law;

 

5) submit a motivated request to controller of personal data with objection against processing of his/her personal data;

 

6) submit a motivated request to change or destroy his/her personal data by any controller and processor of personal data, if such data are processed illegally or are inaccurate;

 

7) protect his/her personal data from illegal processing and accidental loss, destruction, damage due to a deliberate concealing, failure to provide them or provision of such data with delay, as well as to protection from provision of data which are inaccurate or disgraceful for the honor, dignity and business reputation of an individual;

 

8) lodge complaints on his/her personal data processing to the Commissioner or courts;

 

9) use legal remedies in case of violation of legislation on protection of personal data;

 

10) submit reservations in respect of restricting the right to process his/her personal data while providing his/her consent;

 

11) withdraw consent to the processing of his/her personal data;

 

12) know the automatic mechanism of processing of personal data;

 

13) be protected from automated decision that has legal consequences for him/her.

 

Article 9. Notice of the processing of personal data

 

1. The controller of personal data shall notify the Commissioner of the processing of personal data, which is of particular risk to the rights and freedoms of personal data subjects within thirty working days after beginning of such a processing.

 

Types of processing of personal data, which are of particular risk to the rights and freedoms of personal data subjects, and categories of subjects covered with notification requirements are determined by the Commissioner.

 

2. Notification of processing of personal data shall be submitted in the form and manner determined by the Commissioner.

 

3. The controller of personal data is required to inform the Commissioner of any change of information subject to the notification, within ten working days since the occurrence of such changes.

 

4. The information reported pursuant to this Article shall be published on the official website of the Commissioner in the manner determined by the Commissioner.

 

Article 10. Use of personal data

 

1. Use of personal data means any actions of the controller of personal data with regard to processing of such data, their protection and granting partial or full right to process such personal data by other subjects of relations connected to personal data, which are performed under the consent of a personal data subject or according to the law.

 

2. The use of personal data by the controller of personal data shall be performed in case he/she fulfills the conditions for protection of such data. The controller of personal data shall not disclose information about the personal data subjects whose personal data are accessed by other subjects of relations connected to such data.

 

3. The use of personal data by the employees of the subjects of relations connected to personal data shall be performed only according to their professional or official and labor duties. These employees shall prevent disclosure of personal data which were entrusted to them or became known to them due to performance of their official or labor duties except for cases foreseen by law. Such liability shall be valid after termination of their activity related to personal data, except for cases established by the law.

 

4. The information about a private life of an individual shall not be used as factor that may confirm or disprove his/her business skills.

Article 11. The ground for processing of personal data

 

1. The grounds for processing of personal data are:

 

1) consent of the personal data subject to process his/her personal data;

 

2) permission for processing of personal data provided to the controller of personal data in accordance with the law solely for the purpose of his/her authority;

 

3) conclusion and execution of a contract, where a personal data subject is a party, or a contract concluded in favor of the personal data subject or for activities prior to the conclusion of a deal at the request of the personal data subject;

 

4) protection of the vital interests of the personal data subject;

 

5) need for exercising of a duty by the controller of personal data under the law;

 

6) need to protect the legitimate interests of the controller of personal data, third parties, except the cases where the personal data subject requires to stop the processing of his/her personal data and where the need to protect personal data prevails such interest.

 

Article 12. Collection of personal data

 

1. Collection of personal data shall be an element of the process which provides for actions to select or to arrange information about an individual.

 

2. Personal data subject shall be notified about the controller of personal data, content of the collected data, his/her rights provided for by this Law, purpose of collection of personal data and persons to whom such data can be transferred:

 

at the moment of collecting personal data if personal data are collected from personal data subject;

 

in other cases within thirty working days after the day when personal data were collected.

 

Article 13. Accumulation and storage of personal data

 

1. Accumulation of personal data shall include actions aimed at unification and systematization of information about an individual or a group of individuals or placement of this data to the personal database.

 

2. Storage of personal data shall include actions aimed at ensuring their integrity and proper mode of access to them.

 

Article 14. Dissemination of personal data

 

1. Dissemination of personal data means actions on transfer of information about an individual with consent of the personal data subject.

 

2. Dissemination of personal data without consent of a personal data subject or person authorized by him/her shall be permitted in cases determined by the law and only (if it is necessary) in the interests of national security, economic welfare and human rights.

 

3. Fulfillment of requirements of the established personal data protection mode shall be provided by the party that disseminates these data.

 

4. The party to which the personal data are transferred shall previously take measures aimed at fulfillment of the requirements of this Law.

Article 15. Destruction of personal data

 

1. Personal data shall be deleted or destroyed according to the procedure established by law.

 

2. Personal data shall be deleted or destroyed in following cases:

 

1) expiration of the term of data storage determined in the consent of the personal data subject for processing of these data or determined by law;

 

2) termination of legal relations between the personal data subject and the controller or processor of personal data, unless otherwise stipulated by the law;

 

3) issue of a relevant order by the Commissioner or officials of the Secretariat of the Commissioner designated by him/her;

 

4) entry into force of a court decision on the deletion or destruction of personal data.

 

3. Personal data collected with violations of requirements of the present Law shall be deleted or destroyed in the order determined by legislation.

 

4. Personal data collected during fulfillment of tasks of operational and search or counterintelligence activities, fight against terrorism shall be deleted or destroyed according to the requirements of law.

Article 16. Personal data access procedure

 

1. Personal data access procedure for the third parties shall be determined by the conditions enshrined in the consent to personal data processing of the personal data subject provided to the controller of personal data or according to the requirements established by law. Procedure of access of third parties to personal data possessed by the processor of public information shall be determined by the law of Ukraine On Access to Public Information.

 

2. Access to personal data of the third party shall not be granted if such a party refuses to assume responsibility for ensuring execution of requirements of this Law or is unable to ensure execution of such requirements.

3. Subject of relations connected to personal data shall submit a request for access to personal data (hereinafter referred to as request) to the database controller.

 

4. The request shall contain the following information:

 

1) first and last names and patronymic, place of residence (temporary residence) and essential elements of an ID which certify an individual who submitted the request (for an applicant who is an individual);

 

2) title, place of location of a juridical person that submits a request, position, first and last names and patronymic of the person who certifies the request; confirmation of conformity of content of the request with the authorities of the juridical person (for applicant that is a juridical person);

 

3) first and last names and patronymic as well as other data that enable identification of an individual being subject to request;

 

4) information about the personal database subject to request or information about the controller or processor of personal data;

 

5) list of personal data subject to request;

 

6) purpose and/or legal grounds of the request.

 

5. The term of consideration of a request in order to grant it shall not exceed ten working days since the day it was received.

 

Within this term, personal data controller shall inform the person who submits a request that such a request shall be granted or that the respective personal data cannot be provided, with notification about the grounds specified in a relevant normative legal act.

 

The request shall be granted within thirty calendar days since the day of its receipt, unless otherwise stipulated by the law.

 

6. Personal data subject shall be entitled to receive any information about himself/herself from any subject of relations connected to personal data under condition of providing information determined in item 1 paragraph 4 of this Article except for cases established by law.

 

Article 17. Postponement or Refusal to Access Personal Data

 

1. Postponement of the access of personal data subject to its personal data shall not be allowed.

 

2. Postponement of the access of third parties to personal data shall be permitted if necessary data cannot be provided within thirty calendar days from the day of the requests receipt. At that the overall period to resolve issues raised in the request shall not exceed forty five calendar days.

Notification of postponement shall be submitted in writing to the third party that made a request with an explanation of the procedure to appeal against such a decision.

 

The notification of postponement shall contain:

 

1) first and last names and patronymic of the official;

2) date when notification was sent;

3) reason for postponement;

4) term during which the request shall be granted.

 

3. Access to personal data can be refused, if access to such data is prohibited according to law.

 

The notification of refusal shall contain:

 

1) first and last names and patronymic of the official that refuses an access;

2) date when notification was sent;

3) reason for refusal.

 

Article 18. Appeal against decision on postponement or refusal to grant access to personal data

 

1. The decision on postponement or refusal to grant access to personal data can be appealed to the Ukrainian Parliament Commissioner for Human Rights or to the court.

 

2. If a request is made by the personal data subject regarding data on himself/herself, in this case during court proceedings the liability of proving the lawfulness of refusal to grant access to personal data shall be imposed on controller of personal data to which the request was submitted.

 

Article 19. Payment for Access to Personal Data

 

1. Access of a data subject to data on himself/herself shall be free of charge.

 

2. Access of other subjects of relations connected to personal data, to personal data of a particular individual or a group of individuals may require payment under requirements prescribed by this Law. The activities related to personal data processing as well as to consulting and organization of access to respective data shall be paid for.

 

3. Amount of payment for services on granting access to personal data by the bodies of state power shall be determined by the Cabinet of Ministers of Ukraine.

 

4. The bodies of state power and local self-government shall be entitled to unimpeded and free access to personal data within their mandate.

 

Article 20. Changes and supplements to personal data

 

1. Controllers or processors of personal data shall be obliged to introduce changes to personal data on the basis of a motivated written request of a personal data subject.

 

2. Controllers or processors of personal data shall be obliged to introduce changes to personal data also on the basis of an appeal of other subjects of relations connected to personal data, if there is a relevant consent of the personal data subject or if a respective change is made under the order of the Commissioner or designated officials of the Secretariat of the Commissioner or a court decision which entered into legal force.

 

3. Changes to incorrect personal data shall be performed immediately after such mistake was disclosed.

 

Article 21. Notification on operations with personal data

 

1. The controller of personal data shall notify the personal data subject about transfer of his/her personal data to the third party within 10 working days, if it is required by the conditions of his/her consent or unless otherwise established by law.

 

2. The notifications mentioned in paragraph 1 of the present Article shall not be made in case of:

 

1) transfer of personal data upon requests within fulfillment of tasks of operational and search or counterintelligence activities and fight against terrorism;

 

2) exercising powers stipulated by law by bodies of state power and local self-government;

 

3) processing of personal data for historical, statistical or scientific purposes;

 

4) notifying personal data subject in accordance with provisions of Article 12 paragraph 2 of this Law.

 

3. Controller of personal data shall inform the personal data subject and subjects of relations connected to personal data these data were transferred to about any change, deletion or destruction of data or restriction of access to them within ten working days.

 

Article 22. Control over the Observance of Legislation on Protection of Personal Data

1.     The following bodies exercise control over the observance of legislation on protection of personal data within their authorities provided for by law:

1)    The Commissioner;

2)    courts.

Article 23. The authorities of the Ukrainian Parliament Commissioner for Human Rights in the sphere of protection of personal data

 

1.      The Commissioner has the following authorities in the sphere of protection of personal data:

 

1)            to receive proposals, complaints and other appeals of individuals and legal entities concerning the protection of personal data and make decisions following their consideration;

 

2) on the grounds of appeals or on own initiative to conduct on-site and off-site, scheduled, unscheduled inspections of possessors and controllers of personal data in the manner defined by the Commissioner, with provision of access to the premises where processing of personal data is performed according to law;

 

3) to obtain at his/her own request and have access to any information (documents) of possessors or controllers of personal data which are necessary to control the ensuring of protection of personal data, including the access to personal data, relevant databases or files, restricted information;

 

4) to approve normative legal acts concerning the protection of personal data in cases envisaged by this Law;

 

5) on the grounds of results of an inspection, consideration of an appeal to issue binding requests (regulations), as regards the prevention or elimination of violations of the legislation on protection of personal data, including the changes, removal or destruction of personal data, ensuring access to them, providing or prohibiting their provision to third person, suspension or termination of the processing of personal data;

 

6) to provide recommendations on practical application of the legislation on protection of personal data, to explain the rights and obligations of the relevant persons upon request of subjects of personal data, possessors and controllers of personal data, units or persons responsible for the organization of the protection of personal data, other persons;

 

7) to cooperate with units or responsible persons that according to this Law organize the work related to the protection of personal data during their processing; to disclose the information about these units and responsible persons;

 

8) to submit proposals to the Verkhovna Rada of Ukraine, the President of Ukraine, the Cabinet of Ministers of Ukraine, other state bodies, bodies of local self-government and their officials as regards the adoption or amendment to normative legal acts on the protection of personal data;

 

9) to provide the conclusions concerning the draft codes of conduct in the sphere of  protection of personal data and changes thereto upon requests of professional, self-government and other public associations or legal entities;

 

10) to draw up protocols on bringing to administrative responsibility and direct them to the court in cases provided by law;

 

11) to inform about the legislation on the protection of personal data, the problem of its practical application, the rights and obligations of subjects of relation connected to personal data;

 

12) to carry out the monitoring of new practices, trends and technologies of protection of personal data;

 

13) to organize and ensure the cooperation with foreign entities related to personal data, particularly, in connection with implementation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and Additional Protocol to it, other international agreements of Ukraine on personal data protection;

 

14) to participate in the work of international organizations on personal data protection.

 

2. The Ukrainian Parliament Commissioner for Human Rights includes in his/her annual report on state of observance and protection of human and citizens' rights and freedoms in Ukraine the report on the state of observance of legislation on personal data protection.

 

Article 24. Ensuring the protection of personal data

 

1. Possessors and controllers of personal data and third parties are obliged to protect this data against accidental loss or destruction, illegal processing, including unlawful destruction or access to personal data.

 

2. Within bodies of state power, local self-government, and also possessors or controllers of personal data that perform the processing of personal data, which is subject of notification according to this Law, the unit or responsible person who organizes the work related to personal data protection during their processing is established (appointed).

The information about the unit or the responsible person mentioned above is notified to the Ukrainian Parliament Commissioner for Human Rights, who provides its publication.

 

3. The unit or responsible person who organizes the work related to the personal data protection during their processing:

 

1) informs and advises the possessors and controllers of personal data as regards the observance of the legislation on protection of personal data;

 

2) cooperates with the Ukrainian Parliament Commissioner for Human Rights and officials of his/her Secretariat appointed by the Commissioner on issues concerning the prevention and elimination of violations of the legislation on protection of personal data.

 

4. Sole traders, including doctors, who have relevant license, attorneys, notaries personally ensure protection of personal data that they possess according to the law.

 

Article 25. Limitations on application of the present Law

 

1. Limitations of the operation of Articles 6, 7 and 8 of the present Law shall be implemented only in cases foreseen by law insofar as necessary in a democratic society in the interests of national security, economic welfare and protection of human rights and freedoms of personal data subjects or other persons.

 

2. Processing of personal data without application of provisions of this Law is permitted if such a processing is carried out:

 

1) by an individual solely for his/her personal or household requirements;

 

2) solely for journalistic and creative purposes, provided that the balance between the right to respect for private life and the right to freedom of expression is ensured.

 

3. ij .

 

Article 26. Financing of activities on personal data protection

 

Financing of activities and measures on ensuring protection of personal data shall be performed at the expense of the State Budget of Ukraine and local budgets, funds of the subjects of relations connected to personal data.

 

 

Article 27. Application of provisions of this Law

 

1.The provisions on ensuring protection of personal data specified in this Law may be supplemented or clarified by other laws if they determine requirements for personal data protection that do not contradict the requirements of the present Law.

 

2. Professional, self-government and other civil society associations or legal entities can work out corporative codes of conduct to ensure efficient protection of the rights of personal data subjects, observance of legislation on personal data protection, taking into consideration the specifics of data processing in different spheres. While working out such a code of conduct or amendments to it the relevant association or legal entity may apply to the Commissioner for an expert review.

Article 28. Liability for violation of legislation on personal data protection

 

Violation of legislation on personal data protection shall involve liability established by law.

 

Article 29. International cooperation and personal data transfer

1. Cooperation with foreign subjects involved in personal data relations shall be regulated by the Constitution of Ukraine, the present Law, other normative legal acts and international treaties of Ukraine.

 

2. If an international treaty of Ukraine ratified by the Verkhovna Rada (Parliament) of Ukraine establishes other regulations than those stipulated by the legislation of Ukraine, the regulations of the international treaty shall prevail.

 

3. Transfer of personal data to foreign subjects involved in personal data relations shall be performed exclusively if the relevant state ensures an appropriate personal data protection in cases established by the law or international treaty of Ukraine.

 

States Parties to the European Economic Area, as well as countries that have signed the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data shall be recognized as those ensuring the appropriate level of protection of personal data.

 

The Cabinet of Ministers of Ukraine determines the list of countries that offer adequate protection of personal data.

 

Personal data shall be disseminated solely for the purpose they were collected for.

4. Personal data can be transferred to foreign subjects involved in personal data relations also if:

 

1) personal data subject gives his/her unambiguous consent to such a transfer;

 

2) there is a need to conclude or perform a contract between the controller of personal data and a third party personal data subject for benefit of the personal data subject;

 

3) there is a need to protect the vital interests of personal data subjects;

 

4) there is a need to protect public interest, to set, enforce and maintain a legal claim;

 

5) controller of personal data provides relevant guarantees of non-interference in private and family life of the personal data subject.

 

Article 30. Final provisions

 

1. The present Law shall enter into force since 1st of January 2011.

 

2. The Cabinet of Ministers of Ukraine, within six months since the day this Law enters into force shall:

 

ensure adoption of normative legal acts provided for by the present Law;

 

harmonize its normative legal acts with the present Law.

 

 

President of Ukraine V. Yanukovych

 

Kyiv, June 1, 2010

# 2297-VI



List of persons related to terrorist activity or persons to whom international sanctions were applied
Contact Administrator News Archive