PERSONAL CUSTOMER’S DATA PROTECTION: NORMATIVE REQUIREMENTS IN UKRAINE AND EUROPEAN UNION
Abstract
Purpose is to analyze a normative framework, which regulates area of personal data protection, present the main examples of legislation in use on Ukrainian market, stress up the top priority sections of a new EU General data protection regulation (GDPR), provide recommendations on GDPR implementation in comparison to existing EU Data protection Directive. Methodology of research. The basis of the research work assigned as general (analysis, observation) and special methods of cognition. Methods of analysis and observation used to explore the problems during implementation of new legislation. Methods of cognition used for substantiation of importance to be comply with legislation in terms of data. Findings. The research highlights the main requirements for personal data protection in Ukraine, legislation that regulates this area and supervisory bodies. Furthermore, research has detail analysis of the main legal requirements of the European Union in the field of personal data protection. Allocated the key differences, in comparison between the existing legislation and the new requirements. Analyzed General data protection regulation and provided recommendations on implementation of the highest priority areas, with a detail description of controversial moments. Also explained consequences that can have a non-compliance with the new legislation for companies which work with personal data of EU customers. This research can be used as a practical guide for implementation of GDPR or align structure and policies in area of personal data protection to international best practice. The research represents options of GDPR implementation and provides expert opinion on the organization of a workflow and project plan which allows completely implement the legislative changes in time. Originality. The recommendations on introduction of modern approaches to the protection of personal data were developed. Were further developed proposals to conform to international best practice structure and policies in matters of personal data protection. Practical value. Research results can be offered for introduction in activity of banks and other FIs, which will be instrumental in an effective management informative safety.
References
Boardman Ruth Guide to the General Data Protection Regulation / Ruth Boardman, James Mullock, Ariane Mole // Twobirds [Електронний ресурс]. – Режим доступу : https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/bird--bird--guide-to-the-general-data-protection- regulation.pdf?la=en.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data // Official Journal of the European Union [Електронний ресурс]. – Режим доступу : http://eur- lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046.
Guidelines on Data Protection Officers („DPOs‟) № 16 / EN WP 243 // Official Site of European Commission [Електронний ресурс]. - Режим доступу : http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) // Official Journal of the European Union [Електронний ресурс]. – Режим доступу : http://eur-lex.europa.eu/legal- content/EN/TXT/?uri=CELEX:32016R0679.
Unlocking the EU General Data Protection Regulation: A practical handbook on the EU‟s new data protection law // White & Case LLP [Електронний ресурс]. - Режим доступу : https://www.whitecase.com/publications/article/unlocking-eu-general-data-protection-regulation-practical- handbook-eus-new-data.
Про банки і банківську діяльність : Закон України № 2121-III від 07.12.2000 р. [Електронний ресурс]. – Режим доступу : http://zakon2.rada.gov.ua/laws/show/2121-14.
Про внесення змін до деяких законодавчих актів України щодо удосконалення системи захисту персональних даних : Закон України № 383-18 від 03.07.2013 р. [Електронний ресурс]. – Режим доступу : http://zakon2.rada.gov.ua/laws/show/383-18.
Про захист персональних даних : Закон України № 2297-17 від 01.06.2010 р. [Електронний ресурс]. – Режим доступу : http://zakon2.rada.gov.ua/laws/show/2297-17.
Boardman, Ruth, Mullock, James and Mole, Ariane (2016), “Guide to the General Data Protection Regulation”, available at: https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/bird--bird--guide-to-the-general- data-protection-regulation.pdf?la=en (access date April 01, 2017).
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, available at: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 (access date April 01, 2017).
Guidelines on Data Protection Officers („DPOs‟) № 16 / EN WP 243, available at: http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf (access date April 01, 2017).
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available at: http://eur- lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679 (access date April 01, 2017).
Unlocking the EU General Data Protection Regulation: A practical handbook on the EU‟s new data protection law (2016), available at: https://www.whitecase.com/publications/article/unlocking-eu-general- data-protection-regulation-practical-handbook-eus-new-data (access date April 01, 2017).
Verkhovna Rada Ukrainy (2000), Pro banky i bankivsku diialnist [On Banks and Banking], Zakon Ukrainy dated 07.12.2000 no. 2121-III, available at: http://zakon2.rada.gov.ua/laws/show/2121- 14 (access date April 01, 2017).
Verkhovna Rada Ukrainy (2013), Pro vnesennia zmin do deiakykh zakonodavchykh aktiv Ukrainy shchodo udoskonalennia systemy zakhystu personalnykh danykh [About changes to some normative acts of Ukraine concerning improvement of personal data protection system], Zakon Ukrainy dated 03.07.2013 no. 383-18, available at: http://zakon2.rada.gov.ua/laws/show/383-18 (access date April 01, 2017).
Verkhovna Rada Ukrainy (2010), Pro zakhyst personalnykh danykh [About personal data protection], Zakon Ukrainy dated 01.06.2010 no. 2297-17, available at: http://zakon2.rada.gov.ua/laws/show/2297-17 (access date April 01, 2017).
