On Amendments to the Law of Ukraine "On Protection of Personal Data"
(Information of the Verkhovna Rada (VR), 2013, No. 51, pp. 715)
Verkhovna Rada of Ukraine Orders:
I. Amend The Law of Ukraine "On Protection of Personal Data" (Information of the Verkhovna Rada of Ukraine, 2010, No. 34, pp. 481; with changes made by the Law of Ukraine dated 23 February 2012 No. 4452-VI) such changes:
1. Article 1 Set out in this edition:
This Act governs legal relations related to the protection and processing of personal data, and is aimed at protecting the fundamental rights and freedoms of man and citizen, in particular the rights of non-intervention in personal life, due to personal data processing.
This Act applies to personal data processing, which is done completely or partly with automated means, as well as processing of personal data contained in the file cabinet or intended to be applied to the file cabinet. application of non-automated means.
This Act does not apply to personal data processing, which is carried out by a physical person solely for personal or household needs.
The provisions of this Act do not apply to personal data processing activities, which are carried out by creative or literary staff, including journalist, in professional purposes, provided the provision of balance between the right to non-interference in personal information. life and the right to express themselves. "
2. In Article 2 :
1) in the paragraph of the third word "in this database" to exclude;
(2) Paragraph of the fifth set in this edition:
" The consent of the subject of personal data is the voluntary avoid of the physical person (provided by its informed consent) to grant permission to process its personal data according to the stated purpose of their processing, expressed in writing or in the form that To conclude its provision ";
(3) Paragraphs sixth after the words "allow" to be supplemented with the words "directly or indirectly";
(4) The seventh paragraph of the seventh session is as follows:
" Processing of personal data-any action or aggregate of actions such as assembly, registration, accumulation, storage, adaptation, change, renewal, use and distribution (distribution, implementation, transfer), deindividuation, destruction of personal data data, including the use of information (automated) systems ";
5) complement the alphabetical order with the terms of the following content:
"cabinet-any structured personal data available under the defined criteria, regardless of whether such data is centralized, decentralized or divided by functional or geographical principles";
"The recipient is a physical or legal entity given to personal data, including a third person";
(6) Paragraph 11 after the words "these data" will be supplemented with the words "on behalf of the possession".
3. In Article 4 :
(1) a paragraph of the seventh part of the first to exclude;
(2) In part the third word "which" shall be replaced by the word "which";
3) complement the parts of the fourth and fifth such content:
" 4. The domain of personal data can instruct the processing of personal data of the data of the individual data according to the contract concluded in writing.
5. A data source can process personal data only with a purpose and in the volume defined in the contract. "
4. In Article 5 :
1) in part of the first word "which are processed in the databases of personal data" to exclude;
(2) Third and fourth exceptions.
5. In Article 6 :
after the paragraph of the first addition to the new paragraph of the following content:
"The processing of personal data is carried out openly and transparent with the application of the means and in a way that meets the goals of such processing."
In this regard, the second paragraph should be considered a third paragraph;
The third-complement paragraph is "if the new purpose of the processing is incompatible with the previous one";
2) a part of the second teaching in such an editorial:
" 2. Personal data must be accurate, reliable and updated as needed, determined to process them ";
the first after the words "be appropriate" to supplement the word "adequate";
(4) Part of the ninth meeting in such an editorial:
" 9. The processing of personal data in historical, statistical or scientific purposes can only be carried out on the terms of ensuring their proper protection ";
the paragraph of the first edition:
" 10. The typical procedure for processing personal data in personal databases is approved by the central executive body, which ensures the formation of public policy in the area of personal data protection ";
6. In Article 7 :
(1) The first after the words of "professional unions" to supplement the words "accusations of committed crime or conviction of criminal punishment";
Paragraph 2 after the words "fulfillment" to be supplemented with the word "possession", and after the words "to the law"-with the words "with respect to the appropriate protection";
3 after the words "to protect" with the words "vital";
Paragraph 4 after the word "carried out" with the words "with the means of protection";
Paragraph 6 of the text of the session:
" 6) it is necessary for health purposes, setting up medical diagnosis, to provide care or treatment or provision of medical services, provided that such data is handled by medical staff or another health care institution on which the A duty to ensure the protection of personal data and to which the legislation on the hospital is distributed. "
7. In Part 2 of Article 8 :
In paragraphs 1 and 6 of the word "this base", replace the words "personal data";
in paragraphs 2 and 3 of the word "contained in the appropriate database of personal data" to exclude;
"(5) to be motivated by the requirement to possess personal data with negation versus processing of their personal data";
"(8) To address complaints about the processing of their personal data to public authorities and officials, whose authority is to ensure the protection of personal data, or to the court";
Complement paragraphs 10-13 of this content:
" (10) To make reservations about the restriction of the right to handle their personal data when giving consent;
(11) Revoke consent for the processing of personal data;
12) know the mechanism of automatic processing of personal data;
13) to protect against an automated solution that has legal consequences for him. "
8. In Article 9 :
1) a part of the second complement of paragraphs to others is the fourth such content:
" The possession of personal data is exempt from the duty of registration of personal data:
Which is related to the implementation and implementation of labour relations;
members of public, religious organizations, professional unions, political parties ";
(2) Part three after the paragraph of sixth supplement three new paragraphs of such content:
" information on the composition of the personal data being processed;
Information on third persons transmitted by personal data;
information on the transboundary transmission of personal data. "
In this regard, the seventh and eighth paragraphs of the eighth and eleventh are counted as paragraphs of the tenth and eleventh;
in a paragraph of the third word "ten" to replace the word "thirty".
9. In parts of first and article 10 the word "bases" to exclude.
10. Article 11 Set out in this edition:
" Article 11. Reasons for handling personal data
1. Subroutines for the processing of personal data are:
1) consent to the subject of personal data on the processing of its personal data;
2) permission to process personal data provided by the possession of personal data in accordance with the law solely for the exercise of its authority;
(3) the conclusion and execution of which a person is a subject of personal data or which is contracted to the subject of the personal data or for the exercise of measures prior to the entry of the legal entity to the subject of the individual data;
4) to protect the vital interests of the subject of personal data;
5) the need to protect the legitimate interests of possessing personal data, third persons, in addition to cases where the subject of personal data requires the end processing of its personal data and the needs of protection of personal data is dominated by such interest. "
11. In Article 12 :
(1) In part one of the first words "and the introduction of them to the database of personal data" to exclude;
2) a part of the second teaching in such an editorial:
" 2. At the time of the gathering of personal data or in cases stipulated by paragraphs 2 to 5 of the first article 11 of this Act, over ten working days from the day of collecting personal data, the subject of personal data reported to the possession of personal data, the composition and content of the collected personal data, the rights of such subject, defined by this Act, the purpose of collecting personal data and persons transmitted by its personal data ";
(3) Third and fourth exceptions.
12. Article 14 :
(1) In part one of the first words "from the databases of personal data" to exclude;
2) part of the second after the words "and only" to complement the words "(if necessary)".
13. In Article 15 :
1) the name of the teaching in this edition:
" Article 15. Removal or destruction of personal data ";
(2) First after "personal data", the words "are deleted or";
3) in the text of the article "in the databases of personal data" in all differences and numbers to exclude.
14. In Article 16 :
In paragraph 4, the words "this base" will be replaced by the words "personal data";
6 after the words "the purpose" to be supplemented with the words "and/or legal grounds for";
(2) In part six words ", without the purpose of a request" to be replaced by the words "provided for the provision of information defined in paragraph 1 of part of this article".
15. In Article 18 :
(1) Part of the first teaching in such an editorial:
" 1. The decision to deter or failure to access personal data can be appealed to the court ";
2) In part 2, the word "base" is excluded.
16. Part 2 of Article 21 Complement paragraph 4 of this content:
"4) the message of the subject of the personal data according to the requirements of the part of the second article 12 of this Act".
17. In Part 2 of the first article 22 The words "and the local governments" are excluded.
18. In Article 23 :
(1) Part of the first teaching in such an editorial:
" 1. The Office of the State Authority for Personal Data Protection is the central executive body that provides the implementation of public policies in the field of protection of personal data.
The Commissioner for Personal Data Protection is independent of the implementation of the powers provided by the Act ";
Paragraph 4 after the words "protection of personal data" to be supplemented with the words "through the conduct of the visa and non-driving inspections of the owners and/or the dissent of personal data";
Complement paragraphs 9 to 13 of this content:
" 9) provides the holdings and staff of personal data and subjects of personal data information on their rights and duties;
10) monitors new practices, trends and technology protection of personal data;
11) provides guidance on practical application of provisions of the protection of personal data legislation;
12) impose proposals on the formation of policies in the field of protection of personal data in the order defined by the legislation;
(13) agree to the corporate codes of conduct according to a part of the second article 27 of this Act ";
3) complement the third-fifth of such content:
" 3. The head of the authorized public authority on the protection of personal data and its deputies is appointed in accordance with the requirements established by the legislature.
4. The State Census and the State Authority for the Protection of Personal Data are approved by his Head in terms of the agreement with the Ministry of Finance of Ukraine.
The head of the authorized public authority on personal data protection takes in the prescribed order of the decision on the distribution of budget funds, which is the authorized state body for the protection of personal data.
5. Report on the implementation of the authorized public authority on the protection of personal data of tasks and plans of work is publicly available, published on its official website and submitted to the President of Ukraine, the Cabinet of Ministers of Ukraine and the Verkhovna Rada Ukraine ".
19. In Article 24 :
1) in the name of the word "in the databases of personal data" to exclude;
(2) A part of the second after the words "from illegal processing" to be supplemented with the words "including loss, illegal or accidental destruction";
(3) Part of the fourth to exclude;
4) in the sixth word "bases" to exclude.
20. Part 2 of Article 27 complemented by the words "by the agreement with the authorized public authority on the protection of personal data".
21. In Article 29 :
1) the name of the teaching in this edition:
" Article 29. International cooperation and transfer of personal data ";
2) part of the third set in this edition:
" 3. The transfer of personal data to foreign entities related to personal data is provided only by ensuring the proper protection of personal data in cases established by law or by the international treaty. Ukraine.
The states parties to the European Economic Area, as well as the states that have signed the Convention on the Protection of Persons in connection with automated processing of personal data, are recognized to provide a proper level of protection of personal data. data.
The Cabinet of Ministers of Ukraine defines a list of states that provide proper protection of personal data.
Personal data cannot be distributed to a different purpose than the one with which they were collected ";
3) complement part of the fourth such content:
" 4. Personal data can be transmitted to foreign actors related to personal data, as well as in the case of:
1) providing the subject of personal data of one-to-one consent to such a transfer;
(2) the need to make or execute the legal situation between the possession of personal data and the third person-the subject of personal data in favour of the subject of personal data;
(3) the need to protect the vital interests of the subjects of personal data;
(4) The need to protect public interest, establish, perform and ensure the legal requirement;
5) providing the possession of personal data of relevant safeguards for non-intervention in the personal and family life of the subject of personal data. "
22. Text Law words "possession of the database of personal data" and "tablebase of personal data" in all differences and numbers are replaced by the words "possession of personal data" and "personal data order" in the case of the relevant data.
1. This Act will take effect from the day, the following day by the day of its publication.
2. The Cabinet of Ministers of Ukraine:
During one month of the following Act, the Act is to ensure that the Act is to be brought into compliance with the Act;
Provide a revision and enforcement of the ministries and other central executive bodies of their normative acts in compliance with the Act.