The processing and storage of personal data is a complex area requiring deep legal knowledge. Violations in this area can lead to fines or even legal proceedings against a company. To help those who work with personal data, this article analyzes the central questions and misconceptions.
Common Mistakes When Working With Personal Data
The most common mistakes that lead to fines and other problems are:
Mistake #1. You Can Download A Template From The Internet And Substitute Your Company Data
If ordinary employees with insufficient qualifications are responsible for protecting personal data (PD), they do just that. However, these templates are not universal. Most often, they are prepared with the workflows of a particular company in mind, and those workflows may coincide with yours only partially or not at all. Therefore, substituting your data in no way guarantees compliance with the requirements of 152-FZ.
Mistake #2. Transfer Of Personal Information To Third Parties Without The Prior Written Consent Of The Subject
To transfer PD to third parties, it is necessary to obtain not only the consent of the individual but also an agreement for processing by the third party itself. If there is an inspection, all such contracts must be presented. Otherwise, you will receive a fine.
Mistake #3. There Is No Clause On Responsibility For The Processing Of Personal Data
If you transfer personal data to third parties, it is essential to specify the responsibility for its secure processing in the subcontract and to ensure that the subcontractor also takes all necessary measures to secure the processing. It is also essential to organize a secure communication channel for data transfer.
Mistake #4. There Is No PD Processing Policy In The Public Domain
According to Roskomnadzor statistics, this violation is the most common. It is mandatory to ensure free access to the personal data processing policy. It should be posted on the site if PD is collected there (for example, if there is a feedback form). The absence of the Policy risks a fine.
Mistake #5. There Is No Consent To The Processing Of Personal Data Or A Public Offer On The Official Website
If an online store, service, or other company sells products and services to customers or collects information about visitors, the absence of a consent form is fraught with a fine. In case of severe violations, the site can even be blocked. According to Roskomnadzor, this is the second most common violation. Consent must strictly comply with the requirements of the current legislation of the Russian Federation, which are spelled out in Art. 9 of 152-FZ. In addition, the individual whose data you process must consent to the transfer of their data to third parties and to cross-border transfer (if you do so). If the consent to personal data processing does not meet all the requirements or is absent, sanctions are guaranteed to await you. Penalties are provided for both the organization and the official.