GDPR or On Protection of Personal Data – What is More Efficient?

The article has analyzed the main provisions of General Data Protection Regulation and compared it with the Law of Ukraine ‘On Data Protection’. Advantages of the Regulation and necessity to adopt a new Law of Ukraine which could regulate data protection on European level have been identified.

The main provisions which are necessary to be implemented in future legal act have been defined. They are the following: personal data, controller, data processor, adequacy of protection etc. It is also necessary to identify rights, obligations, functions, competence and goal of activities after implementing such notions as controller and processor.

An important aspect is fines for violation of legislation on personal data protection. The Regulation provides for several types of violations and fine sanctions for them. Liability for violation of standards in the sphere of personal data protection ensures an effective mechanism for implementation of Regulation.

The article has also analyzed the notion ‘adequacy of protection’. The list of sources which were checked on ‘adequacy’ has been identified. The main criteria of ‘adequacy’ which the state has to comply with have been specified. The term for undergoing the inspection regarding compliance with ‘adequacy of protection’ has been defined. Criteria which the states should comply with in order to undergo the inspection have been provided. 

It is also necessary to define the mechanism for control in the sphere of personal data protection. The Regulation provides clear criteria for existence of this mechanism which should be implemented not only on the territory of Ukraine.

Existing provisions of the Law have been analyzed. Compared analysis of the term ‘privacy policy’ has been done and gaps in Ukrainian legislation have been studied. Compliance of the Regulation with a standard Ukrainian consent for processing of personal data has been defined.