EU4DigitalUA hosted online training on personal data protection for Ukrainian companies

On November 5-6, the EU4DigitalUA project, funded by the European Union and implemented by FIIAPP, held an online training session focused on personal data protection as part of its “Data Protection” component. Organised in partnership with the Office of the Ombudsman of Ukraine, the training targeted representatives from businesses and private companies across Ukraine.

The two-day training introduced participants to the core concepts and principles of personal data processing, as well as practical organisational measures. Day one featured in-depth discussions on data processing principles, policy development, and procedural compliance to help companies meet legal requirements.

Maria Gaston Betran, FIIAPP Technical Institutional Coordinator for EU4DigitalUA, delivered a welcome address to over 60 participants: “Aligning Ukrainian legislation with the principles of the GDPR is not only a timely need but also an important step towards strengthening trust within the business environment and creating a transparent and secure digital space for all market participants. For every company, regardless of size, integrating data protection standards opens new opportunities for cooperation with international partners, enhances reputation, and increases customer loyalty.”

Andrii Nikolaev, a lawyer and key expert in personal data protection for the EU4DigitalUA FIIAPP project, provided an overview and explained the legislative regulation of personal data protection in Ukraine, possible threats to personal data protection, and how to address them.

“Data processing must be ethical and responsible. As technology advances, the volume of personal data collected grows, heightening the potential risk of privacy infringements. One of the key tasks of a personal data protection system is to establish the right balance that allows technology to evolve while ensuring safety and privacy,” Andrii Nikolaev stated.

The session continued with a presentation from Oleksandr Shevchuk, a candidate of legal sciences, a national expert on personal data protection for the EU4DigitalUA FIIAPP project, who gave a presentation on GDPR Compliance: ”There are six basic points that should be done at the organisational level so that customer data always feels safe. This is a general analysis of data processing activities, assessment of data breach risks, development of internal documentation, streamlining of personal data transfer procedures, appointment of professional training for the responsible person, and implementation of internal control rules.”

Day two opened with expert-led discussions on practical cases in personal data processing. Andrii Nikolaev addressed topics such as the further use of customer data (processing for a new purpose), data processing for marketing, cookies, tracking technologies, and essential considerations for tools like Google Forms and other cloud services. Oleksandr Shevchuk explored the transfer of personal data to third parties, legal concerns surrounding video surveillance with biometric facial recognition, and the implications of GDPR and Ukrainian regulations for companies entering the EU Digital Single Market.

The training concluded with insights from Oleksandr Marchenko, Head of the Department for Appeals and Personal Data Processing at the Information Rights Monitoring Department of the Secretariat of the Ukrainian Parliament Commissioner for Human Rights. He provided recommendations for engaging with regulatory bodies and preparing for audits and inspections, giving essential guidance for Ukrainian businesses aiming to enhance their data protection practices.

“In the period of martial law, the protection of personal data becomes even more urgent due to potential threats to data confidentiality. Today, access to personal information can be used as a tool of influence, abuse, or even a means to violate personal freedoms. Therefore, safeguarding personal data during martial law is not only about protecting privacy but also serves as a defence against potential threats that may arise from unauthorised access to this information. For the Secretariat of the Ukrainian Parliament Commissioner for Human Rights, educational efforts on this topic are crucial, and we pay great attention to it, because it plays a vital role in preventing human rights violations,” emphasised Oleksandr Marchenko.

This training underscored EU4DigitalUA’s and FIIAPP’s commitment to strengthening data protection standards and promoting Ukraine’s European integration by supporting the implementation of European integration reforms in the area of data protection.