The Law of Ukraine On Personal Data Protection, effective from 1 January 2011, requires legal entities to state register their personal databases. From 1 January 2012 officers of a legal entity who evade this state registration requirement may be subject to a fine ranging from UAH 8,500 to UAH 17,000 or even a prison sentence for misuse of data.

The data protection law's definition of personal data is fairly wide, defining it as any information or collection of information identifying or allowing identification of an individual.

The most common types of personal databases maintained by Ukrainian legal entities are employee personal databases and the personal databases of customers (counterparties) who are physical persons.

Any personal database must be registered with the State Register of Personal Databases and will be deemed registered upon issuance of a state registration certificate. Such registration is performed on request by submission of a notification.  

As well as being fined from UAH 8,500 to UAH 17,000, company officers failing to register databases may be prosecuted under criminal law for any illegal collection, storage, use, deletion, or dissemination of any confidential information about any person or illegal amendment of such information and be sentenced to punitive labor for up to two years, or arrest for up to six months, or imprisonment for up to three years.
Recently two draft laws have been submitted to the Parliament of Ukraine that, if adopted, may postpone the introduction of the above administrative and criminal liability.