State Service on Personal Data Protection Planning to Inspect Company Websites
On 22 March 2013 the State Service on Personal Data Protection (the "Service") issued its Decision No. 6 On Practice of Implementation the Personal Data Protection Law with Respect to Data Processing on the Web-Resources (the "Decision").
Under the Decision, while examining some Ukrainian websites the Service has detected the following defects/infringements:
- In the process of data collection, the data subject was not informed about the database owner, scope and content of personal data retained, his/her rights, the aim of data processing, and third parties to which the data are transferred;
- The scope of processed personal data is excessive in relation to the announced purpose of processing;
- The data processing policies were only published on the web-site, but not defined in the relevant internal documents of the database's owner as provided by law.
In view of the above, the Service, in particular, has decided to:
- Include verification of compliance by web-sources in the Service's regular audit plans;
- Consider companies involved in the processing of personal data on the web-resources for inclusion in the Service's inspection plans for II and III quarters of 2013.
For further information please contact partner Oleksandr Padalka
and associate Yulia Yanyuk