On the 18th of March, associate partner Hillmont Partners Taras Tertychnyi gave a lecture for students of the Master’s Program at the Faculty of Law of the Kyiv-Mohyla Academy. He told about the basic concepts of the European Parliament’s Personal Data Protection Regulation (GDPR) and the peculiarities of the work of Ukrainian companies after it entered into force in May 2018.
According to Taras Tertychnyi, the topic of the Regulation compliance is becoming more and more relevant for Ukrainian companies, which are conducting their business internationally. ”The first practice of GDPR usage by European supervisory authorities indicates that everybody can be fined (or warned – depends on the luck) and it doesn’t matter whether it’s either owners of stores, which install security cameras incorrectly, or adtech companies, which link the buyer’s location to a specific store using data, received from the buyer’s smartphone”.
Therefore, Ukrainian companies should determine whether they process the data of EU residents, and if yes, they need to operate in accordance with GDPR requirements. Taras Tertychnyi mentioned that for large-scale violations of the Regulation norms, a liability is up to 20 million euros or up to 4% of the annual turnover of the delinquent company.
Currently there are no penalties for Ukrainian companies, but there are the first victims among international, in particular American, companies. In January 2019, the French data protection authority (CNIL) fined Google for 50 million euros for violating GDPR requirements.