Advanced Search

On The Protection Of Personal Data

Original Language Title: Про захист персональних даних

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

LAW OF UKRAINE

About protecting personal data

(Information of the Verkhovna Rada of Ukraine (VR), 2010, No. 34, st. 481)

{With changes under the Laws
No. 4452-VI of 23.02.2012 , VR, 2012, No. 50, pp. 564
No. 5491-VI of 20.11.2012 , VR, 2013, No. 51, pp. 715
No. 245-VII of 16.05.2013 , BBR, 2014, No. 12, pp. 178
No. 383-VII of 03.07.2013 , VR, 2014, No. 14, pp. 252
No. 1170-VII of 27.03.2014 , BBR, 2014, No. 22, pp. 816
No. 1262-VII of 13.05.2014 , BBR, 2014, No. 27, pp. 914
No. 316-VIII from 09.04.2015 , BBR, 2015, No. 26, pp. 218
No. 675-VIII of 03.09.2015 , BBR, 2015, No. 45, pp. 410}

{In the text of the Law of the Word "database of personal data" and "database serial data" in all differences and numbers are replaced by the words "personal data owners" and "personal data order" in the appropriate case and under the Law No. 5491-VI of 20.11.2012 }

Article 1. Scope of the Act

This Act governs legal relations related to the protection and processing of personal data, and is aimed at protecting the fundamental rights and freedoms of man and citizen, in particular the rights of non-intervention in personal life, due to personal data processing.

This Act applies to personal data processing, which is done completely or partly with automated means, as well as processing of personal data contained in the file cabinet or intended to be applied to the file cabinet. application of non-automated means.

{Part of third Article 1 is excluded based on the Law of the No. 383-VII of 03.07.2013 }

{Part of Article 1 is excluded based on the Law of the No. 383-VII of 03.07.2013 }

{Article 1 in the Drafting of the Law No. 5491-VI of 20.11.2012 }

Article 2: Defining terms

In this Act, the following terms are used in this way:

The database of personal data is a named aggregate of sorted personal data in electronic form and/or in the form of personal data cards;

The domain of personal data-a physical or legal entity that identifies the purpose of processing personal data, establishes the composition of these data and procedures for processing if the other is not defined by the law;

{Paragraph 3 of Article 2 changes in accordance with the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 383-VII of 03.07.2013 }

The consent of personal data is the voluntary avoid of the physical person (provided by its informed consent) to grant permission to process its personal data according to the stated purpose of their processing, expressed in writing or in the form that It is possible to conclude an agreement. In the area of electronic commerce, the subject of personal data may be given during registration in the subject of electronic commerce subject, by asking for permission to process their personal data. the data according to the formulated purpose of their processing, provided that such a system does not produce capabilities to process personal data until the moment of the feedback;

{Paragraph 4 of Article 2 in the edition of the Law No. 1262-VII of 13.05.2014 ; with changes made under the Act No. 675-VIII of 03.09.2015 }

{Paragraph 5 of Article 2 is excluded based on the Law of the No. 383-VII of 03.07.2013 }

The deindividuation of personal data is the extraction of information that allows directly or indirectly to identify the person;

{Paragraph 2 of Article 2 of the changes made under the Act No. 5491-VI of 20.11.2012 }

Cabinet-any structured personal data available under the defined criteria, regardless of whether such data is centralized, decentralized or divided by functional or geographical principles;

{Article 2 is supplemented by a term under the Law No. 5491-VI of 20.11.2012 }

processing of personal data-any action or aggregate of actions such as assembly, registration, accumulation, storage, adaptation, change, renewal, use and distribution (distribution, implementation, transfer), deindividuation, personal destruction data, including the use of information (automated) systems;

{Paragraph 2 of Article 2 of the Act No. 5491-VI of 20.11.2012 }

The recipient is a physical or legal entity that is given to personal data, including a third person;

{Article 2 is supplemented by a term under the Law No. 5491-VI of 20.11.2012 }

personal data-information or collection of information about the physical person identified or may be specifically identified;

personal data is a physical or legal entity that owns personal data or the law is given the right to process these data on behalf of a possession;

{Paragraph 2 of Article 2 of the changes made under the Act No. 5491-VI of 20.11.2012 }

Personal data is the physical person whose personal data are handled;

{Paragraph 2 of Article 2 in the Drafting of the Law No. 383-VII of 03.07.2013 }

Third person-any person, except for the subject of personal data, of the possession or disorderly of personal data and of the Commissioner of the Verkhovna Rada of Ukraine on the rights of person or the order of personal data to be transferred Personal data.

{Paragraph 2 of Article 2 in the Drafting of the Law No. 383-VII of 03.07.2013 }

Article 3. Personal data protection legislation

Personal data protection legislation Constitution of Ukraine , this Act, other laws and regulations, international treaties of Ukraine, consent to the duties provided by the Verkhovna Rada of Ukraine.

Article 4. Subjects of relationships related to personal data

1. The subjects of the relationships related to personal data are:

Personal data;

The possession of personal data;

The order of personal data;

Third person

Empowered by the Supreme Council of Ukraine on Human Rights (hereinafter-Commissioners).

{Paragraph 6 of the first article 4 of the edition of the Law No. 383-VII of 03.07.2013 }

{Paragraph 7 of the first article 4 is excluded based on the Law of the No. 5491-VI of 20.11.2012 }

2. The lord or the orderly of personal data may be enterprises, institutions and organizations of all forms of property, government authority or local government bodies, physical persons-entrepreneurs who handle personal data according to Right.

3. The separation of personal data, whose owner is the state authority or local government authority other than those bodies, may only be a business or communal form of property belonging to the scope of the administration of this body.

{Part of the third article 4 with the changes made under the Act No. 5491-VI of 20.11.2012 }

4. The master of personal data may instruct the processing of personal data of the data of the individual data according to the contract concluded in writing.

{Article 4 is supplemented by a fourth article under the Law No. 5491-VI of 20.11.2012 }

5. A data source can process personal data only with a purpose and in the scope defined in the contract.

{Article 4 is supplemented by a fifth article under the Law No. 5491-VI of 20.11.2012 }

Article 5. Protection objects

1. Personal data protection is personal.

2. Personal data may be attributed to confidential information about the person's law or person. There is no confidential information on personal data relating to the implementation of a person who occupies a position related to the implementation of the functions of the state or the bodies of local government, officials, or service authority.

3. Personal data specified in the declaration of property, income, expenses and the obligations of the financial nature decorated in form and in order set forth The Law of Ukraine "On the Principles of Prevention and Counter of Corruption" , do not belong to information with limited access, except information defined by the Law of Ukraine "On the principles of preventing and countering corruption".

It does not belong to information with limited access information on any form of a physical account of budget funds, state or communal property, other than cases foreseen. Article 6 of the Law of Ukraine "Access to Public Information".

The law may be prohibited from withheld other information that is personal data, to information with restricted access.

{Article 5 of the changes made under the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 1170-VII of 27.03.2014 }

Article 6. General requirements for processing personal data

1. The purpose of personal data processing must be formulated in laws, other regulations, provisions, established or other documents governing the possession of personal data, and to comply with personal data protection legislation. data.

The processing of personal data is carried out openly and transparent with the application of the means and in a way that is appropriate for the purpose of such processing.

{Part of the first article 6 is supplemented by a new paragraph under the Act No. 5491-VI of 20.11.2012 }

In case of modifying the defined purpose of processing personal data to a new goal, which is incompatible with the previous one, for further processing of the data holdings of the personal data must obtain the consent of the subject of the personal data on the processing of its data, according to a modified purpose, unless otherwise provided by law.

{Paragraph 3 of the third part of the first article 6 with changes under the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 383-VII of 03.07.2013 }

2. Personal data must be accurate, reliable, and updated as needed, determined by the purpose of their processing.

{Part of the second Article 6 in the edition of the Law No. 5491-VI of 20.11.2012 }

3. The schedule and content of the personal data must be appropriate, adequate, and non-improper regarding the specified purpose of their processing.

{Paragraph of the first part of the third article 6 with changes made under the Act No. 5491-VI of 20.11.2012 }

{Paragraph 2 of the second part of Article 6 is excluded based on the Law of the No. 5491-VI of 20.11.2012 }

4. Primary sources of information about the physical person are: issued by her name documents; signed by it; the information that the person affords.

5. The processing of personal data is carried out for specific and legitimate purposes defined by the consent of the subject of the personal data, or in cases provided by the laws of Ukraine, in the order established by the law.

6. The processing of data on physical persons is not permitted, without its consent, except in cases defined by law, and only in the interests of national security, economic welfare, and human rights.

{Part 6 of Article 6 of the changes made under the Act No. 1170-VII of 27.03.2014 }

7. If the processing of personal data is necessary to protect the vital interests of the subject of personal data, process personal data without its consent can be reached at a time when obtaining consent becomes possible.

8. Personal data is processed in a form that permits the identification of the physical person they relate to, not longer than is necessary for legitimate purposes in which they were collected or further processed.

Further processing of personal data in historical, statistical or scientific purposes may be carried out on the condition of ensuring their proper protection.

{Part 8 of Article 6 in the Drafting of the Law No. 383-VII of 03.07.2013 }

{Part 9 of Article 6 is excluded based on the Law of the No. 383-VII of 03.07.2013 }

10. The default processing order of the personal data is approved by the Commissioner.

{Part of Article 6 of the changes made under the Laws No. 4452-VI of 23.02.2012 , No. 5491-VI of 20.11.2012 ; in the Law of the Law No. 383-VII of 03.07.2013 , No. 1262-VII of 13.05.2014 }

Article 7. Special requirements for personal data processing

1. Revolving the processing of personal data on racial or ethnic origin, political, religious or worldview beliefs, membership in political parties and professional unions, condemnation of criminal punishment, and data relating to criminal justice. health, sex life, biometrics or genetic data.

{Part of the first article 7 with changes made under the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 383-VII of 03.07.2013 }

2. The position of the first part of this article does not apply if the processing of personal data is:

1) is provided by providing the subject of personal data of one-to-one consent to the processing of such data;

(2) It is necessary for the exercise of the rights and responsibilities of the holder in the sphere of labour law in accordance with the law with the enforcement of the appropriate protection;

{Paragraph 2 of the second article 7 with changes made under the Act No. 5491-VI of 20.11.2012 }

3) it is necessary to protect the vital interests of the subject of personal data or of another person in the case of incapacitated or limiting the civilian capacity of the subject of personal data;

{Item 3 of the second article 7 with changes made under the Act No. 5491-VI of 20.11.2012 }

4) is carried out with the provision of suitable protection to the religious organization, the public organization of the world glossy, political party or professional union established in accordance with the law, provided that processing applies solely to personal data of members of these associations or individuals who maintain permanent contact with them in relation to the nature of their activities, and personal data is not passed by a third person without the consent of the subjects of personal data;

{Paragraph 4 of the second article 7 with changes made under the Act No. 5491-VI of 20.11.2012 }

(5) It is necessary for the rationale, satisfaction or protection of the legal requirement;

6) it is necessary for health purposes, setting up medical diagnosis, to provide care or treatment or provision of medical services, provided that such data is processed by a medical staff or another health care provider. The responsibility to ensure the protection of personal data and to which the legislation on the hospital is distributed;

{Paragraph 6 of Part 2 of Article 7 in the Drafting of the Law No. 5491-VI of 20.11.2012 }

7) refers to the lessons of the court, the execution of tasks of expeditious or counterintelligence, combating terrorism and exercised by the state body within its authority defined by the law;

{Paragraph 7 of the second article 7 with changes under the Act No. 245-VII of 16.05.2013 ; in the drafting of the Law No. 383-VII of 03.07.2013 }

8) refers to data that has been explicitly published by the subject of personal data.

{Item 8 of the second article 7 with the changes in accordance with the Act No. 383-VII of 03.07.2013 }

Article 8. Personal data subject rights

1. Personal non-master rights to personal data, which has every physical person, are non-negative and inviolable.

2. The Subject of Personal Data has the right to:

1) know about the sources of assembly, the whereabouts of their personal data, the purpose of their processing, location or place of residence (s) of the possession or dislocation of personal data or to give an appropriate charge to obtain this information To be authorized by him, except in the cases established by law;

{Paragraph 1 of Part Two of Article 8 with changes under the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 383-VII of 03.07.2013 }

2) receive information on the conditions of providing access to personal data, including information on third persons transmitted by its personal data;

{Paragraph 2 of the second article 8 with changes under the Act No. 5491-VI of 20.11.2012 }

(3) to access their personal data;

{Item 3 of the second article 8 with changes made under the Act No. 5491-VI of 20.11.2012 }

4) receive no later than thirty calendar days from the day of the request, except in the cases prescribed by the law, the answer to whether its personal data is processed and the content of such personal data is being processed;

{Paragraph 4 of the second Article 8 in the edition of the Law No. 383-VII of 03.07.2013 }

5) to suggest motivated by the requirement to possess personal data with objections to the processing of their personal data;

{Paragraph 5 of Part Two of Article 8 in the Drafting of the Law No. 5491-VI of 20.11.2012 }

6) to be motivated by the requirement to modify or destroy their personal data by any possession and dislocation of personal data if these data are handled illegally or are impractical;

{Paragraph 6 of Part Two of Article 8 with changes under the Act No. 5491-VI of 20.11.2012 }

7) to protect their personal data from illegal processing and accidental loss, destruction, damage in connection with intentional concealment, unreliable or untimely conduct, and to protect against information that is inappropriate or shameful. Honor, dignity and business reputation of a physical person;

(8) To address complaints about the processing of their personal data prior to the Commissioner or to the Court;

{Paragraph 8 of Part Two of Article 8 in the Drafting of the Law No. 5491-VI of 20.11.2012 ; with changes made under the Act No. 383-VII of 03.07.2013 }

(9) To apply the means of legal protection in case of violation of personal data protection legislation;

(10) To make reservations about the restriction of the right to handle their personal data when giving consent;

{Part of the second article 8 is supplemented by paragraph 10 under the Act No. 5491-VI of 20.11.2012 }

(11) Revoke consent for the processing of personal data;

{Part of the second article 8 is supplemented by paragraph 11 under the Law No. 5491-VI of 20.11.2012 }

12) know the mechanism of automatic processing of personal data;

{Part of the second article 8 is supplemented by paragraph 12 under the Law No. 5491-VI of 20.11.2012 }

13) to protect against an automated solution that has legal consequences for him.

{Part of the second article 8 is supplemented by paragraph 13 under the Law No. 5491-VI of 20.11.2012 }

{Part of third Article 8 is excluded based on the Law of the No. 383-VII of 03.07.2013 }

Article 9. Personal Data Processing Messages

1. The human side of personal data reports authorizing the processing of personal data, which is a special risk to personal data subjects and thirty working days from the beginning of such processing.

Types of personal data processing, which constitutes a special risk to the rights and freedoms of the subjects of personal data, and the category of subjects on which the requirement for a message is determined by the Commissioner.

2. Messages about the processing of personal data are given by the form and in the order defined by the Commissioner.

3. The personnel of personal data is required to notify the Commissioner for each change of information subject to the notice, within ten working days from the day of occurrence of such a change.

4. The information that is reported in accordance with this article shall be made public on the official website of the Commissioner in the order defined by the Commissioner.

{Article 9 of the changes under the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 383-VII of 03.07.2013 }

Article 10. Using personal data

1. Use of personal data involves any possession of the processing of these data, the actions of their protection, and actions to provide partial or full right of processing personal data to other subjects related to personal data. the data carried out by the consent of the subject of the personal data or according to the law.

{Part of Article 10 of the changes made under the Act No. 5491-VI of 20.11.2012 }

2. The use of personal data is carried out in the event of creating it to protect these data. The possession is prohibited to spread information about the subjects of personal data, whose access to personal data is given to other subjects of the relationships associated with the data.

{Part of the second article 10 of the changes made under the Act No. 5491-VI of 20.11.2012 }

3. The use of personal data by employees of relationships associated with personal data should only be carried out in accordance with their professional or service or labour duties. These employees are required to prevent the disclosure in any way of personal data that they have been entrusted to or who have become known in relation to the execution of professional or service or labour duties, in addition to the cases prescribed by the law. This obligation is valid after the termination of personal data related to personal data, except in the cases established by law.

{Part of the third article 10 with the changes made under the Act No. 1170-VII of 27.03.2014 }

4. The personal life of a physical person cannot be used as a factor that confirms or disprove its business qualities.

Article 11. Reasons for handling personal data

1. Subroutines for the processing of personal data are:

1) consent to the subject of personal data on the processing of its personal data;

2) permission to process personal data provided by the possession of personal data in accordance with the law solely for the exercise of its authority;

(3) the conclusion and execution of which a person is a subject of personal data or which is contracted to the subject of the personal data or for the exercise of measures prior to the entry of the legal entity to the subject of the individual data;

4) to protect the vital interests of the subject of personal data;

(5) The need to comply with the possession of personal data provided by law;

{Part of article 11 is supplemented by a new paragraph under the Law No. 383-VII of 03.07.2013 }

(6) The need to protect the legitimate interests of possessing personal data, third persons, other than cases where the subject of personal data requires the end of processing of its personal data and the needs of protecting personal data is dominated by such interest.

{Item 6 of the first Article 11, in the edition of the Law No. 383-VII of 03.07.2013 }

{Article 11 in the edition of the Law No. 5491-VI of 20.11.2012 }

Article 12. Collecting personal data

1. The gathering of personal data is a component of the process of processing, which involves the selection or ordering of information about the physical person.

{Part of the first article 12 of the changes made under the Act No. 5491-VI of 20.11.2012 }

2. The Personal Data Act is reported to possess personal data, the composition and content of the collected personal data, the rights defined by the Act, the purpose of collecting personal data and persons transmitted by its personal data:

at the time of collecting personal data, if personal data is collected in the subject of personal data;

in other cases for thirty working days from the day of the collection of personal data.

{Part of the second article 12 in the edition of the Laws No. 5491-VI of 20.11.2012 , No. 383-VII of 03.07.2013 }

{Part of the third article 12 is excluded based on the Law of the No. 5491-VI of 20.11.2012 }

{Part of Article 12 is excluded based on the Law of the No. 5491-VI of 20.11.2012 }

Article 13. Storage and storage of personal data

1. A copy of personal data involves the act of combining and systematizing information about the physical person or group of individuals or to contribute to the database.

2. Keeping of personal data involves actions to ensure their integrity and the appropriate access regime.

Article 14. Distributing personal data

1. The spread of personal data provides for action on the transfer of information about the physical person on the consent of personal data subject.

{Part of the first article 14 with the changes made under the Act No. 5491-VI of 20.11.2012 }

2. The spread of personal data without the consent of the subject of personal data or authorized by him is permitted in cases defined by law, and only (if necessary) in the interests of national security, economic welfare and human rights.

{Part of the second article 14 of the changes made under the Act No. 5491-VI of 20.11.2012 }

3. Execution of the requirements of the established personal data protection regime provides a party that distributes the data.

4. The Party to which personal data is transmitted must pre-take measures to ensure the requirements of this Act.

Article 15. Removal or destruction of personal data

{Title of Article 15 in the edition of the Law No. 5491-VI of 20.11.2012 }

1. Personal data is removed or destroyed in the order established in accordance with the requirements of the law.

{Part of the first article 15 of the changes made under the Act No. 5491-VI of 20.11.2012 }

2. Personal data shall be subject to removal or destruction in the case of:

{First part of the second article 15 of the changes made under the Act No. 383-VII of 03.07.2013 }

1) the end of a data storage string defined by the consent of the subject of personal data on the processing of these data or by law;

2) the termination of the legal relationship between the subject of personal data and the possessing or disorderly, unless otherwise provided by the law;

(3) The publication of the relevant inscription of the Commissioner or the designated officials of the Secretariat of the Commissioner;

{Sub-paragraph 3 of the second article 15 in the edition of the Law No. 383-VII of 03.07.2013 }

4) the selected legal force by the decision of the court to remove or destroy the personal data.

{Part of the second article 15 is supplemented by sub-paragraph 4 under the Act No. 383-VII of 03.07.2013 }

3. Personal data collected with a violation of the requirements of this Act shall be subject to removal or destruction in the established law.

{Part of the third article 15 with the changes made under the Act No. 383-VII of 03.07.2013 }

4. Personal data collected during the execution of tasks of expeditious or counterintelligence activities, combating terrorism, are removed or destroyed in accordance with the requirements of the law.

{Part of Article 15 of the changes made under the Act No. 383-VII of 03.07.2013 }

{Text of article 15 of the changes under the Act No. 5491-VI of 20.11.2012 }

Article 16. Order to access personal data

1. The order of access to personal data of third persons is determined by the terms of the subject's consent of the personal data provided by the possession of personal data to the processing of these data, or in accordance with the requirements of the law. The access order of third persons to personal data that is in possession of the public information ordered is determined by The Law of Ukraine "On Access to Public Information" .

{Part of Article 16 of the changes made under the Act No. 1170-VII of 27.03.2014 }

2. Access to personal data by a third person is not granted, if a given person refuses to take the obligation to enforce the requirements of this Act or may not be able to provide them.

3. A sub-relationship of personal data provides a request for access (further inquiry) to personal data of personal data.

4. The request shall:

1) last name, name and by parent, place of residence (place of stay) and requisition of a document, which will make a request (for a person's physical person);

2) naming, the whereabouts of a legal person who request a request, position, surname, name, and father of the person who ascertify the request; to confirm that the content of the request is the authority of a legal person (for the applicant's legal person);

(3) the surname, the name and the parent, as well as other information that can be able to identify the physical person whose request is made;

4) information about the database of personal data, which is requested, whether or not the information on the possession or dissent of personal data;

{Item 4 of the fourth article 16 of the changes in accordance with the Act No. 5491-VI of 20.11.2012 }

5) lists the personal data requested;

6) the purpose and/or legal grounds for the request.

{Item 6 of the fourth article 16 of the changes in accordance with the Act No. 5491-VI of 20.11.2012 }

5. A request to account for its satisfaction cannot exceed ten working days from the day of its receipt.

During this row, the identity of the personal data proves to the person who asks that the request will be satisfied or the relevant personal data shall not be subject to the application, with the value specified in the relevant regulatory act.

The request is satisfied within thirty calendar days from the day of its accession, unless otherwise provided by law.

6. A grant of personal data has the right to receive any information about themselves in any subject of the relationships associated with personal data, provided for the provision of information defined in the 1 part 4 part in this article, other than cases established by law.

{Part of the sixth article 16 of the changes made under the Act No. 5491-VI of 20.11.2012 }

Article 17. Rejection or denial of personal data

1. The lack of personal data access to personal data is not allowed.

2. The ability to access personal data of third persons is allowed if the necessary data cannot be provided within thirty calendar days from the day of the request. In this general term, the resolution of the questions entrusted to the question cannot exceed forty-five calendar days.

The deformation notice is reported to a third person who has filed a request, in writing with the explanation of the order of appeal of such a decision.

The following information has been reported:

1) the surname, the name and by the parent of the official;

2) the date of departure of the message;

3) the reason for the reformation;

4) rows that will be satisfied with the request.

3. Access to personal data is allowed if access is prohibited under the law.

The failure message is:

1) surname, name, by parent of the official who refuses to access;

2) the date of departure of the message;

3) reason of failure.

Article 18. Challenge the decision to be denied or denying access to personal data

1. The decision to deter or refusal to access personal data may be appealed to the Commissioner of the Verkhovna Rada of Ukraine on the rights of man or court.

{Part of the first Article 18 in the edition of the Law No. 5491-VI of 20.11.2012 ; with changes made under the Act No. 383-VII of 03.07.2013 }

2. If the request is made by the subject of personal data on account, the duty of the proof in the court of legality of the refusal to access is placed on the possession of the personal data, to which the request is submitted.

{Part of the second article 18 of the changes made under the Act No. 5491-VI of 20.11.2012 }

Article 19. Pay access to personal data

1. Access to personal data to personal data is made free of charge.

2. Access to other entities related to personal data, to personal data of a particular physical person or a group of individuals may be paid in case of holding conditions defined by the Act. Payment is subject to work related to personal data processing, as well as work on counseling and organization of access to relevant data.

3. The size of the services of the services to provide access to personal data by the public authorities is determined by the Cabinet of Ministers of Ukraine.

4. State authorities and local governments are entitled to unimpeded and free access to personal data according to their authority.

Article 20. Changes and additions to personal data

1. The handsets or decimals of personal data are required to make changes to personal data on the basis of the motivated written requirement of the individual data.

{Part of the first article 20 of the changes made under the Act No. 383-VII of 03.07.2013 }

2. The Wallachians or personalization of personal data are required to make changes to personal data also by addressing other entities related to personal data, if there is a consent of the subject of the personal data or the appropriate change It is carried out in accordance with the rule of the Commissioner, or by the officials of the Secretariat of the Commissioner, or by the decision of the court, which has had the rule of law.

{Part of the second article 20 in the edition of the Law No. 383-VII of 03.07.2013 }

3. A change of personal data that is not valid has been untrue since the establishment of non-compliance.

Article 21. Personal Data Action Message

1. On the transfer of personal data, the third person to own personal data within ten working days reports to the subjects of the personal data, if that is required by the terms of its consent or otherwise not provided by law.

2. The messages specified in part one of this article shall not be carried out in the case of:

(1) Transfer of personal data for requests performed by the tasks of expeditious or counterintelligence, combating terrorism;

(2) the execution of the organs of the state authorities and the authorities of the local self-government of their powers prescribed by the law;

3) perform personal data processing in historical, statistical or scientific purposes;

4) message to the subject of personal data according to the requirements sections of Article 12 of this Act.

{Part of the second article 21 is supplemented by paragraph 4 under the Law No. 5491-VI of 20.11.2012 }

3. About the change, removal or destruction of personal data or limiting access to the domain of personal data within ten working days reports subject to personal data as well as entities related to personal data that these data has been submitted.

{Part of the third article 21 with the changes made under the Act No. 383-VII of 03.07.2013 }

Article 22. Oversight of personal data protection legislation

1. Control of the enforcement of personal data protection legislation within the authority prescribed by the law shall be carried out by the following bodies:

(1) Commissioners;

(2) Courts.

{Article 22 with the changes made under the Act No. 5491-VI of 20.11.2012 ; text of Article 22 in the edition of the Law No. 383-VII of 03.07.2013 }

Article 23. Powers of the Commissioner of the Verkhovna Rada of Ukraine on the protection of personal data

1. The authorizations shall have the following responsibilities in the field of protection of personal data:

1) receive suggestions, complaints and other appeals of physical and legal persons on the protection of personal data and to make decisions based on their consideration;

2) to conduct on the basis of appeals or by its own initiative of exit and non-exit, bar, out-of-plan inspections of personal data in the order defined by the Commissioner, in accordance with the law of access to the The premises where personal data are processed;

3) receive on their demand and have access to any information (documents) of the owners or ordinaries of the personal data required to make control of the protection of personal data, including access to personal data. data, relevant databases, or files, restricted information;

(4) To approve regulatory and legal acts in the field of protection of personal data in cases provided by the Act;

5) for summarizing, considering the appeal to issue mandatory requirements (admissions) on preventing or eliminating violations of personal data protection legislation, including regard to changes, removal or destruction of personal data, To provide access to them, to grant or ban them by providing a third person, stop or stop the processing of personal data;

6) to provide guidance on practical application of personal data protection legislation, disregard the rights and obligations of relevant individuals by addressing the subjects of personal data, owners or ordinators of personal data, structural units or responsible persons in the organization of the protection of personal data, other persons;

7) interact with structural units or responsible persons, which according to this Act, organize a work related to the protection of personal data in their processing; publish information on such structural units and Responsible persons;

8) to refer to the Verkhovna Rada of Ukraine, the President of Ukraine, the Cabinet of Ministers of Ukraine, other state bodies, local government bodies, their officials regarding the adoption or amendment of the regulatory legal acts Protection of personal data;

9) provide for the appeal of professional, self-governing and other public associations or legal opinions on the draft codes of conduct in the field of protection of personal data and changes to them;

(10) To compose the protocols for an administrative responsibility and to send them to court in cases prescribed by the law;

11) inform the legislation on the protection of personal data, the problems of its practical application, the rights and duties of the subjects of the relationships associated with personal data;

12) monitor new practices, trends and technologies to protect personal data;

13) organize and provide interaction with foreign entities related to personal data, including in connection with the implementation of Convention on the Protection of Persons in Communication with Automated Processing of Personal Data and Additional Protocol to her, other international treaties of Ukraine in the field of protection of personal data;

14) participate in the work of international organizations on the protection of personal data.

2. The empowered of the Verkhovna Rada of Ukraine on human rights includes its annual report on the state of retention and protection of human rights and freedoms in Ukraine a report on the state of the state of the protection of personal data laws.

{Article 23 of the changes under the Act No. 5491-VI of 20.11.2012 ; in the drafting of the Law No. 383-VII of 03.07.2013 }