Protection of personal data

Extracts for legal literacy News

We live in the era of information technology, where most people often find the information they need in the search engines of internet resources. This allows people to significantly reduce the search time without much effort. However, in this regard, the issue of the protection of personal data acquires particular relevance.

What is personal data? What rights do citizens have and what liability is provided for violation of legislation on the protection of personal data?

Ensuring the protection of human rights and freedoms of a person when processing his personal data, including the protection of the rights to personal privacy, personal or family secret, is established by the DPR Law “On personal data”.

Thus, this Law regulates relations related to the processing of personal data carried out by the DPR state authorities, other state bodies, local authorities, legal entities and individuals using automation tools, including in information and telecommunication networks, or without using such means, if the processing of personal data without the use of such means corresponds to the nature of the actions (operations) performed with personal data with the use of automation tools, that is, it allows people to search in accordance with a given algorithm for personal data recorded on a tangible medium of expression and contained in card index or other systematized collections of personal data, and (or) access to such personal data.

Thus, personal data is any information relating directly or indirectly to a specific or identifiable legal person (subject of personal data). Such data include: full name, passport data, TIN, date and place of birth, email address, marital status, place of study and work, address, education, profession, income, etc.

In turn, the subject of personal data is considered to be an individual to whom the personal data relates.

Consider the meaning of the term “personal data processing“, which means a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

In addition, according to the Law, the subject of personal data decides on the provision of his personal data and agrees to their processing freely, of his own free will and in his interest.

However, it is important to note that according to the current legislation, the processing of personal data is necessary for the exercise of the powers of executive bodies, bodies of state extra-budgetary funds, local governments and the functions of organizations involved in the provision of public services and services of local authorities.

Thus, it is not possible for the relevant authorities to carry out the necessary actions for the provision of public services in relation to individuals without a procedure for processing personal data. The DPR competent authorities, in order to be able to exercise their powers to provide public services, request the appropriate consent of an individual to process his personal data, which is not a limitation of the constitutional rights and freedoms of the latter. Also, on the basis of the Law, the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data or the life, health or other vital interests of others.

That is why, in order to ensure the inadmissibility of unlawful processing of information relating directly or indirectly to a specific or identifiable individual (subject of personal data), it is necessary to certify the fact of his will.

In case of incapacity of the subject of personal data, consent to the processing of his personal data is given by his legal representative.

Also, for the purpose of information support, publicly available sources of personal data (including directories, address books) can be created. With the written consent of the subject of personal data, publicly available sources of personal data may include his full name, year and place of birth, address, directory number, information about the profession and other personal data reported by the subject of personal data, however, such data should be in any time are excluded from publicly available sources of personal data at the request of the subject of personal data or by decision of a court or other authorized state bodies.

However, the legislation of the Donetsk People’s Republic provides for cases when personal data can be used without the consent of an individual (subject of personal data) or a person authorized by him. This situation is possible only in those circumstances when it is necessary in the interests of national security, economic well-being and human rights.

Thus, in order to protect your right to personal privacy, personal and family secrets or any other information concerning you, as well as to avoid illegal processing, including illegal destruction or access to your personal data, we recommend with special responsibility and attention refers to the transfer of personal information to third parties.