An appropriate order no. 947/5 "On approval of Procedure of state control over personal data protection legislation compliance by the Personal Data Protection State Service of Ukraine" (further - Procedure) was issued on June 22nd, 2012.
The Procedure regulates Personal Data Protection State Service of Ukraine (hereinafter - PDPSS) activity during the state control over compliance with requirements of legislation on personal data protection by carrying out inspections, as well as regulates the mechanism of formalization and review of the audit results.
According to the Procedure control over compliance of personal data protection subjects is carried out by PDPSS by means of inspections, such as: planned, unplanned, field and non-field.
Inspections are carried out on the basis of the relevant order of PDPSS. The following should be determined in the PDPSS inspection order: the subject of the audit, date of beginning and date of finishing the inspection, the squad of the commission tasked to carry out the inspection with the definition of its chairman, as well as the legal basis of the audit.
Before starting the inspection PDPSS notifies the subject by a copy of the inspection order to his location or place of residence by registered mail 10 days prior to the inspection beginning. Period of inspection shall not exceed 10 working days, but may be extended by 5 working days. The first day of inspection is the arrival of the commission members for the audit. On the first day of inspection, the chairman of the commission provides the head of the subject or an authorized person with the plan of inspection.
In the case an inspection is non-field, PDPSS directs written request to the subject on providing documents required for the audit. The subject must, within the period determined in the request, provide PDPSS with duly certified copies of the documents specified in the request.
Upon the results of the audit commission issues the act of personal data protection legislation compliance in two copies in a form prescribed by the Procedure. In case of personal data protection law violations an authorized person of PDPSS draws up a protocol on administrative offense.
