As reported by Bloomberg BNA, on January 13, 2014, Ukrainian Parliament Commissioner for Human Rights Valeriya Lutkovska (the “Ombudsman”) announced the adoption of new data protection regulations. The Ombudsman became the new data protection authority in Ukraine as of January 1, 2014, when amendments to abolish the previous data protection authority became effective. As we previously reported, Ukraine first passed personal data protection legislation in June 2010.
The new data protection regulations require data controllers to (1) notify data subjects of the processing of their personal data within 30 working days, and (2) notify the Ombudsman of the processing of “high risk data” that constitute a special risk to the rights and freedoms of data subjects. The Ombudsman may issue warnings to data controllers for failure to notify the Ombudsman of the processing of “high risk data.” In addition, the new data protection regulations provide for monitoring and audit compliance procedures pursuant to which the Ombudsman may conduct announced and unannounced audits.