It is not uncommon habit of Ukrainian businesses keeping data of personnel for up to 75 years – in line with Ukrainian legislation on company’ archives and filing. … 
Expensive habits
So GDPR might mean U-turn in personal data’ policies for Ukrainian companies. While industries as insurance, banking, security, trade (including FMCG) are sensitive to clientèle data. Many businesses prefer storing these data not only as revenue source, but for the sake of business security (and ‘burden of proof’). Yet under GDPR there is fine up to 20 mln Euro or 4% of violator’ annual revenue, in particular for failure to dispose of personal data once they are not needed. And for some businesses this “need” must be very well justified since 26 may 2018.
Expensive habit, could become to ‘know your client’.
To know with care
Starting 26 may 2018 GDPR is implemented in EU.
Might be a good thing, as it sets clear understandable – one -for-all set of obligatory rules protecting personal data of clients – EU residents. They say, these rules are so well written, that many businesses around the World take them as example for non-obligatory implementation. Thus, once implemented, GDPR rules protect businesses from privacy related legal risks.
Yet these rules are to be tested in courts and business solutions shall be tested by time.
Meanwhile, up to now some businesses decided to scrap communication with EU residents altogether. Those who may not afford it are looking for solutions. Majority of companies advertizing and marketing in EU came to trade-in: provision of free services (free access to site) in exchange for expressed client’ consent to use their personal information. For it is well known “presumption of client’ disagreement to allow cookies” which is implemented in majority of web-sites so far.
Virtual solutions and non-virtual EU representatives
Another obstacle is prohibition of trans-border transfer of EU’ residents personal data. Here might be programming (soft-ware dev.) solutions as well as legal ones. Instead, international business might be forced to keep real representative in EU country of interest.
What I would expressly and specifically warn about – to handle with care available personal data of clients – EU residents, once they are collected in rightful manner.
For more information on GDPR legal issues for Ukrainian businesses in EU markets please refer to me, would be happy to help.
osakharova@gmail.com
