“The physical location of the database is on servers owned by the company providing hosting services, Imyarek. The legal address of the company Imyarek is such and such. Most likely somewhere like that.

Today I consulted with the SBU, together with a friend (who is writing a program for accounting for a utility company).
If the online store contains only full name, phone number, email and delivery address, then such a database does not fall under registration. Gets only if the address of registration is used in the database, the delivery address is not.
But if there is a registration address here, kapets. It is necessary to use certified equipment, software, etc. The Law on the Approval of the Rules for the Security of Protection of Information in Information, Telecommunication and Information and Telecommunication Systems is applied . In general, the cap is complete.
The SBU is currently conducting preventive visits in which they recommend what needs to be done. If you have any questions, please contact them directly.

Firstly: what does the SBU have to do with it in general? A separate service has been created to protect personal data.
You are not a utility company, so how morons from the SBU mock utility workers does not concern you.
Further, the law says that you must take the necessary measures to protect personal information, but what measures are not indicated. That is, it is up to you.
You should not worry about liability yet - according to the latest changes in the first half of 2012, there will be no penalties, even if you do not register your base at all. If the cretins from BP do not have time to clarify all the controversial points of the law before the end of June, then irresponsibility will last until 2013