20/02/2025
Held by the European project EU4DigitalUA in partnership with the Office of the Ombudsman of Ukraine, the conference was designed for representatives of Ukraine’s startup community
The two-day session provided practical guidance on preparing startups for the EU market, deepened participants’ understanding of Ukrainian and European data protection legislation, and outlined key organizational measures for ensuring compliance.
Day one featured in-depth discussions on personal data processing principles, the roadmap to GDPR (General Data Protection Reulation) compliance, and procedural requirements to help companies meet legal obligations. As Maria Gaston Betran, Technical Institutional Coordinator for the EU4DigitalUA , said “understanding these regulations not only helps avoid legal risks and financial penalties, but also builds credibility with international customers, investors, and partners.”
Yuliia Derkachenko, Representative for Information Rights of the Ukrainian Parliament Commissioner for Human Rights, emphasised Ukraine’s commitment to ensuring a high level of personal data protection under the Cooperation Agreement with Eurojust and European laws: “the custodians of such data must take responsibility for its protection at all stages of processing”. The regulation of personal data in the EU is based on the principles of legality, transparency and minimisation of data collection. Ukrainian companies should focus on these standards if they plan to operate in the European market. Personal data protection is not only a legal requirement, but also a matter of user trust. Companies that adhere to security standards gain a competitive advantage.
On the second day, participants also learned about the levels and criteria for imposing sanctions, reviewed real cases from the practice of European regulators, and discussed the opportunities that the EU Digital Single Market opens up for Ukrainian startups. “fines are not the main goal of regulation. European practice shows that sanctions are only a last resort, and the main focus is on ensuring that companies comply with transparent data processing rules” said Oleksandr Shevchuk, National Expert on Personal Data Protection of EU4DigitalUA.
As the experts emphasised, the GDPR has extraterritorial effect. This means that Ukrainian companies that process data of EU citizens or provide services to them are already obliged to comply with European requirements.
Additionally, attention was paid to the ethics of AI and privacy. According to Andrii Nikolaev, lead of the personal data protection area of EU4DigitalUA, GDPR and AI legislation should complement each other: “if personal data is used to train algorithms, companies must comply with strict requirements regarding their confidentiality”.
