How to prepare for a Roskomnadzor inspection of compliance with the law "On Personal Data"
Tips / December 19, 2019
Step 1. Remember what personal data is
This is any information that relates to a specific person: a cell phone number, the size of a salary, political beliefs, even photos on social networks and information about the goods ordered from an online store last week.
Step 2. Make sure that the law applies to your company
It turns out that the law applies to every company or entrepreneur. Companies receive data when they hire employees, and service companies collect data about clients who are individuals.
As soon as personal data appears in the company's forms, files and services, this article turns from informative reading into a guide to action. The company stores personal data even when employees write on an internal social network that they profess Pastafarianism.
Step 3. Find out the scale of the damage and remove what is unnecessary
Work out which individuals the company has accumulated data about. Most often these are employees and contract workers, job applicants and clients.
Work out what the data is and literally write it down in a column. Employees: full name, date of birth, size of salary. Customers: name, email address and home address.
Examine which forms this data arrives through, and on which computers and in which company services it is kept. Personal data gets in everywhere.
If you find data you do not need, feel free to get rid of it. If it has been two years since you replaced direct mail with SMS mailings, delete the customers' email addresses. If personnel officers still keep competitors' résumés from the past 15 years, put them under the knife.
Step 4. Ask permission
Transfer data to another company or make it public only with the consent of the individual. Typical examples: a bank pays money to employees' cards under a salary project, and a courier company delivers orders to customers.
Special categories of personal data may be used only with written consent. These are data on ethnicity, political or religious opinions or beliefs, health and sex life.
Transferring data to foreign counterparties is likewise possible only with written consent. You may skip this if the counterparty is in one of the 17 countries approved by Roskomnadzor Order No. 274 of 15.03.2013. If you run a travel business and are sending a client to Croatia, obtain written consent for transferring the data to hotel companies and a shuttle service.
Send advertising messages or make promotional calls only with prior consent, otherwise Roskomnadzor and the FAS will be upset. Obtain the client's consent when collecting contact information on the website or on a paper form.
Step 5. Get a set of local regulations
The results of the previous step are recorded in an internal regulation: a policy on the processing of personal data.
152-FZ and the Labor Code require that the company approve the policy, familiarize workers with it, and make sure customers can read it too.
A printout on the information stand and a page on the website solve the problem.
If inspectors come to the company, they will want to see more than just the policy. However, the law does not list the required local acts. Resourcefulness, Yandex and Google, assistant services or skilled contractors will help.
Step 6. Take a close look at the website
Be sure to publish the personal data processing policy on the website if you collect data through it. If you do not, publish it anyway: it sets the company apart in the eyes of customers and of Roskomnadzor, which can check the company's website for the policy without any warning.
When collecting data through the website, do not forget to refer to the policy and ask for the customer's permission to use the data. A ticked checkbox in a form on the website also counts as a sign of consent.
Step 7. Notify Roskomnadzor
152-FZ advises sending Roskomnadzor a notification that the company uses personal data.
The law lists a number of cases when this is not necessary, but it is better not to rely on the exceptions.
It is difficult for a company to apply an exception correctly. It is no easier to prove it to the supervisory authority if it does not agree.
The notification is sent via the Roskomnadzor website or the public services portal, then by mail. The notification specifies the company's details and information from the policy. Use the instructions on the Roskomnadzor website; they answer some of the questions about how to fill it in.
These steps will be enough to prepare for an inspection or for "chain letters" from Roskomnadzor. Success in dealing with the supervisory authority cannot be guaranteed, but reasonable measures are worth taking today... or tomorrow. Meanwhile, Roskomnadzor is lobbying for an order-of-magnitude increase in fines.