The Ukraine Parliamentary Commissioner for Human Rights ('the Commissioner') announced, on 25 May 2022, that it had released recommendations on the protection of personal data in martial law. In particular, the Commissioner noted that the recommendations cover, among other things:

• possible restrictions on the human right to privacy and legal grounds for the processing of personal data by public authorities;
• responsibilities of owners and managers of personal data in relation to ensuring the protection of personal data;
• legal grounds for the processing of personal data by enterprises, institutions, and organisations engaged in independent professional activities to provide targeted charitable assistance to citizens;
• protection of personal data from cyber criminals; and
• protection of personal data from fraudulent actions.

In regard to the responsibilities of owners and managers to ensure the protection of personal data, the recommendations state that organisations should, among other things, determine the procedure for access to the personal data of employees, determine the procedure for keeping records of transactions related to the processing of personal data of data subjects and access to the same, develop an action plan in case of unauthorised access to personal data, damage to technical equipment, and emergency situations, as well as regularly train employees who work with personal data.

You can read the press release here and the recommendations here, both only available in Ukrainian.