Regulations on the processing and protection of personal data of employees. How to draw up a statement on personal data of employees

APPROVED BY _____________________________________ (title of the position of the head of the enterprise) ____________________________________ (full name, signature) "__"___________ ___ (year)

REGULATIONS on the processing and protection of personal data of employees

1. GENERAL PROVISIONS

1.1. This Regulation establishes the procedure for receiving, recording, processing, accumulating and storing documents containing information related to the personal data of employees of the enterprise. Employees mean persons who have entered into an employment contract with the enterprise.

1.2. The purpose of this Regulation is to protect the personal data of enterprise employees from unauthorized access and disclosure. Personal data is always confidential, strictly protected information.

1.3. The basis for the development of this Regulation is the Constitution of the Russian Federation, the Labor Code of the Russian Federation, and other current regulatory legal acts of the Russian Federation.

1.4. This Regulation and amendments to it are approved by the head of the enterprise and are introduced by order of the enterprise. All employees of the enterprise must be familiarized with this Regulation and amendments to it.

2. CONCEPT AND COMPOSITION OF PERSONAL DATA

2.1. Personal data of employees means information required by the employer in connection with labor relations and relating to a specific employee, as well as information about the facts, events and circumstances of the employee’s life, allowing him to be identified.

2.2. Composition of the employee’s personal data:

Autobiography;

Education;

Information about labor and general experience;

Information about the previous place of work;

Information about family composition;

Passport details;

Information about military registration;

Information about the employee’s wages;

Information about social benefits;

Speciality;

Position held;

Salary amount;

Having a criminal record;

Residence address;

Home phone;

Originals and copies of orders for personnel;

Personal files and work records of employees;

Grounds for orders regarding personnel;

Copies of reports sent to statistical authorities;

Copies of education documents;

Results of the medical examination for fitness to perform job duties;

Photos and other information related to the employee’s personal data;

A person’s belonging to a specific nation, ethnic group, race;

Habits and hobbies, including harmful ones (alcohol, drugs, etc.);

Marital status, presence of children, family ties;

Religious and political beliefs (belonging to a religious denomination, membership in a political party, participation in public associations, including a trade union, etc.);

Financial situation (income, debts, ownership of real estate, cash deposits, etc.);

Business and other personal qualities that are evaluative in nature;

Other information that may identify a person.

From this list, the employer has the right to receive and use only that information that characterizes the citizen as a party to the employment contract.

2.3. These documents are confidential. The confidentiality regime of personal data is lifted in cases of depersonalization or upon expiration of ____ years of storage period, unless otherwise specified by law.

3. OBLIGATIONS OF AN EMPLOYER

3.1. In order to ensure the rights and freedoms of man and citizen, the employer and his representatives, when processing the employee’s personal data, are obliged to comply with the following general requirements:

3.1.1. Processing of an employee’s personal data may be carried out solely for the purpose of ensuring compliance with laws and other regulations, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property.

3.1.2. When determining the scope and content of an employee's personal data to be processed, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.

3.1.3. All personal data of the employee should be obtained from him or her. If the employee’s personal data can only be obtained from a third party, then the employee must be notified about this in advance and written consent must be obtained from him. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee’s refusal to give written consent to receive it.

3.1.4. The employer does not have the right to receive and process the employee’s personal data about his political, religious and other beliefs and private life. In cases directly related to labor relations issues, in accordance with Art. 24 of the Constitution of the Russian Federation, the employer has the right to receive and process data about the private life of an employee only with his written consent.

3.1.5. The employer does not have the right to receive and process the employee’s personal data about his membership in public associations or his trade union activities, except in cases provided for by federal law.

3.1.6. When making decisions affecting the interests of an employee, the employer does not have the right to rely on the employee’s personal data obtained solely as a result of their automated processing or electronic receipt.

3.1.7. Protection of an employee’s personal data from unlawful use or loss must be ensured by the employer at his expense in the manner prescribed by federal law.

3.1.8. Employees and their representatives must be familiarized, against signature, with the company’s documents establishing the procedure for processing personal data of employees, as well as their rights and responsibilities in this area.

3.1.9. Employees should not waive their rights to maintain and protect secrets.

4. RESPONSIBILITIES OF AN EMPLOYEE

The employee is obliged:

4.1. Transfer to the employer or his representative a set of reliable documented personal data, the list of which is established by the Labor Code of the Russian Federation.

4.2. Promptly, within a reasonable period of time, not exceeding 5 days, inform the employer about changes in his personal data.

5. EMPLOYEE RIGHTS

The employee has the right:

5.1. To full information about his personal data and the processing of this data.

5.2. To free access to his personal data, including the right to receive copies of any record containing the employee’s personal data, except in cases provided for by the legislation of the Russian Federation.

5.3. To access to medical information through a medical professional of his choice.

5.4. To request the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of the requirements of labor legislation. If the employer refuses to exclude or correct the employee’s personal data, the employee has the right to declare in writing to the employer his disagreement, with the appropriate justification for such disagreement. The employee has the right to supplement personal data of an evaluative nature with a statement expressing his own point of view.

5.5. To require the employer to notify all persons who were previously provided with incorrect or incomplete personal data of the employee about all exclusions, corrections or additions made to them.

5.6. To appeal in court against any unlawful actions or inaction of the employer in the processing and protection of his personal data.

5.7. To designate his representatives to protect his personal data.

6. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

6.1. Processing of an employee’s personal data is the receipt, storage, combination, transfer or any other use of an employee’s personal data.

6.2. All personal data of the employee should be obtained from him or her. If the employee’s personal data can only be obtained from a third party, then the employee must be notified about this in advance and written consent must be obtained from him.

6.3. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee’s refusal to give written consent to receive it.

6.4. The employee provides the employer with reliable information about himself. The employer verifies the accuracy of the information by comparing the data provided by the employee with the documents available to the employee. An employee's submission of false documents or false information when applying for a job is grounds for termination of the employment contract.

6.5. When applying for a job, the employee fills out a questionnaire and autobiography.

6.5.1. The questionnaire is a list of questions about the employee’s personal data.

6.5.2. The questionnaire is filled out by the employee independently. When filling out the questionnaire, the employee must fill out all its columns and give complete answers to all questions, without corrections, crossings-out, dashes or blots, in strict accordance with the entries contained in his personal documents.

6.5.3. The autobiography is a document containing a description, in chronological sequence, of the main stages of the life and activity of the hired employee.

6.5.4. The autobiography is compiled in free form, without blots or corrections.

6.5.5. The employee's questionnaire and autobiography must be kept in the employee's personal file. The personal file also stores other personal records related to the employee’s personal data.

6.5.6. The employee’s personal file is drawn up after the hiring order is issued.

6.5.7. All documents of the personal file are filed in a folder of the form established at the enterprise. It indicates the last name, first name and patronymic of the employee, and the personal file number.

6.5.8. Each personal file is accompanied by two color photographs of the employee, size ______.

6.5.9. All documents placed in a personal file are arranged in chronological order. Sheets of documents filed in a personal file are numbered.

6.5.10. The personal file is maintained throughout the employee’s working activity. Changes made to a personal file must be confirmed by relevant documents.

7. TRANSFER OF PERSONAL DATA

7.1. When transferring personal data of an employee, the employer must comply with the following requirements:

Do not disclose the employee’s personal data to a third party without the employee’s written consent, except in cases where this is necessary in order to prevent a threat to the life and health of the employee, as well as in cases established by federal law;

Do not disclose the employee’s personal data for commercial purposes without his written consent;

Warn persons receiving the employee's personal data that this data can only be used for the purposes for which it was communicated, and require these persons to confirm that this rule is observed. Persons receiving employee personal data are required to maintain confidentiality. This provision does not apply to the exchange of personal data of employees in the manner established by federal laws;

Allow access to personal data of employees only to specially authorized persons, while these persons should have the right to receive only those personal data of the employee that are necessary to perform specific functions;

Do not request information about the employee’s health status, with the exception of information that relates to the issue of the employee’s ability to perform a job function;

Transfer the employee’s personal data to employee representatives in the manner established by the Labor Code of the Russian Federation, and limit this information only to those employee personal data that are necessary for the said representatives to perform their functions.

8. ACCESS TO EMPLOYEE PERSONAL DATA

8.1. Internal access (access within the enterprise).

The following have the right to access employee personal data:

Head of the enterprise;

Head of HR Department;

Heads of structural divisions in their area of activity (access to personal data only of employees of their division) in agreement with the head of the enterprise;

When transferring from one structural unit to another, the head of the new unit may have access to the employee’s personal data in agreement with the head of the enterprise;

Accounting employees - to the data that is necessary to perform specific functions;

The employee himself, the data carrier.

8.2. External access.

Personal data outside the organization may be submitted to government and non-government functional structures:

Tax inspectorates;

Law enforcement agencies;

Statistical authorities;

Insurance agencies;

Military registration and enlistment offices;

Social insurance authorities;

Pension funds;

Divisions of municipal government bodies.

8.3. Other organizations.

Information about an employee (including a dismissed employee) can be provided to another organization only with a written request on the organization’s letterhead accompanied by a copy of the employee’s application.

8.4. Relatives and family members.

Personal data of an employee can be provided to relatives or members of his family only with the written permission of the employee himself.

9. PROTECTION OF PERSONAL DATA OF EMPLOYEES

9.1. In order to ensure the safety and confidentiality of the personal data of the organization’s employees, all operations for registration, generation, maintenance and storage of this information must be performed only by personnel department employees who carry out this work in accordance with their official responsibilities as stated in their job descriptions.

9.2. Responses to written requests from other organizations and institutions, within the limits of their competence and granted powers, are given in writing on the company’s letterhead and only to an extent that does not disclose an excessive amount of personal information about the company’s employees.

9.3. Transferring information containing personal data of the organization’s employees by telephone, fax, or e-mail without the written consent of the employee is prohibited.

9.4. Personal files and documents containing personal data of employees are stored in locked cabinets (safes) that provide protection from unauthorized access.

9.5. Personal computers containing personal data must be protected with access passwords.

10. RESPONSIBILITY FOR DISCLOSURE OF INFORMATION RELATED TO EMPLOYEE’S PERSONAL DATA

10.1. Persons guilty of violating the rules governing the receipt, processing and protection of employee personal data bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.

Personal data is any of various types of information that relate to a specific individual (Clause 1, Article 3 of the Federal Law of July 27, 2006 No. 152-FZ). Like any other information, personal data is processed, i.e. it is collected, systematized, accumulated, stored, transferred, destroyed, etc. To ensure that the processing of personal data does not violate the rights and freedoms of citizens, including the rights to privacy and to personal and family secrets, proper protection of personal data is required. This topic is relevant for all employers, because they are, in fact, constantly processing certain personal data of their employees. This includes, for example, the employee’s passport details or his residence address, information about the employee’s education or experience, information about wages or the employee’s marital status, etc. The importance of this area is confirmed by the fact that a separate chapter of the Labor Code of the Russian Federation is devoted to the protection of personal data of employees: Ch. 14 “Protection of employee personal data.” In our consultation we will tell you about the protection of personal data in organizations and provide a sample of the Regulations on the protection of personal data of employees 2017.

Policy for the processing and protection of personal data of employees

General requirements for the processing of employee personal data, as well as issues of personal data protection at the enterprise, are contained in Art. 86 of the Labor Code of the Russian Federation.

Thus, the Labor Code of the Russian Federation establishes, in particular, the following aspects of the processing and protection of personal data:

  • the processing of employee personal data is carried out only for the purpose of complying with the legislation of the Russian Federation, assisting employees in finding employment, obtaining education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property;
  • all personal data of the employee must be obtained from him. If any personal data of an employee can only be obtained from a third party, the employee must be notified in advance and written consent must be obtained from him;
  • the employer must, at his own expense, ensure the protection of the employee’s personal data from unlawful use or loss;
  • the employer must, against signature, familiarize employees and their representatives with the procedure for processing personal data of employees, as well as with their rights and obligations in this area.

At the same time, the requirements for the protection of personal data of employees cannot be considered in isolation from the issues of transfer of personal data. Thus, when transferring an employee’s personal data, the employer is obliged to comply with certain requirements.

These, in particular, include (Article 88 of the Labor Code of the Russian Federation):

  • as a general rule, do not disclose the employee’s personal data to a third party without the written consent of the employee;
  • warn persons who receive the employee’s personal data that these data can only be used for the purposes for which they were communicated;
  • transfer personal data of an employee within one organization in accordance with local regulations, with which the employee must be familiarized against signature;
  • allow access to personal data of employees only to specially authorized persons;
  • do not request information about the employee’s health status (except in cases related to checking the employee’s ability to perform a job function).

At the same time, the employee’s consent to the transfer of personal data is not always required. Thus, consent is not required when the transfer of personal data is necessary to prevent a threat to the life and health of an employee (paragraph 2 of Article 88 of the Labor Code of the Russian Federation) or is necessary on the basis of other federal laws (this includes, for example, information from the Pension Fund, Social Insurance Fund, tax authorities, etc.).

Responsibility for violation of personal data protection requirements

Responsibility for violations of requirements for the processing and protection of employee personal data is varied. It concerns both employees and the employer himself.

For example, an employee may be fired for disclosing the personal data of another employee that became known to him while performing his job duties. After all, this will be considered a gross violation by the employee of his labor duties (clause “c” of paragraph 6 of Article 81 of the Labor Code of the Russian Federation).

And, for example, the processing of personal data in cases not provided for by the legislation of the Russian Federation may entail a fine for officials of 5,000 to 10,000 rubles, and for the employing organization of 30,000 rubles to 50,000 rubles (Part 1 of Article 13.11 of the Code of Administrative Offenses of the Russian Federation).

Please note that fines have increased significantly since July 1, 2017. If previously the maximum fine for an organization for violating the procedure for collecting, storing, using or distributing personal data was 10,000 rubles, then from July 1, 2017 it increased to 75,000 rubles.

Personal Data Protection Regulation 2017: Sample

Considering that employees have the right to full information about their personal data and the processing of this data, the employer is obliged to familiarize them with the relevant documents (paragraph 2 of article 89 of the Labor Code of the Russian Federation). For these purposes, a Regulation on the Protection of Personal Data can be developed, with which the employer is obliged to familiarize all newly hired employees.

Here are the Regulations on the processing and protection of personal data, posted in the legal reference system ConsultantPlus.

Simply put, personal data is information about a person. Law No. 152-FZ of July 26, 2006 gives a longer formulation, in which the person is called a subject, defined according to clear criteria of legal norms. The issue is also regulated by Chapter 14 of the Labor Code of the Russian Federation and the Constitution of the Russian Federation.

First of all, the topic is important for employers, since labor relations are directly related to the processing of personnel information. That is why each enterprise approves Regulations on working with personal data of employees. This data includes:

  • place of residence (registration);
  • phone number;
  • information about the identity document;
  • income (salary, taxes);
  • presence of children;
  • marital status;
  • education;
  • health status;
  • number of years worked (experience).

By approving the Regulations on the processing and protection of personal data, you can supplement or detail the list.

Personal Data Protection Regulations 2019

If we refer to Art. 87 of the Labor Code of the Russian Federation and Article 81.1 of Federal Law 152, there is no direct indication of the procedure for working with employee data. The rules simply indicate the need to regulate such operations. The most common method in practice is to issue a corresponding internal document. A sample of the Personal Data Regulations - 2019 can be downloaded after reading the article.

The local act is approved by order of the enterprise and must be brought to the attention of employees. In addition to familiarizing themselves with the local act itself, employees sign a consent to processing. Processing is the collection, systematization, accumulation, storage, transmission and destruction of information. Most operations are carried out by a specialist from the HR department.

The purpose of the local act is to protect personal and family secrets and ensure privacy. Based on these principles, it is necessary to reflect the following in the local document:

  • types of PD;
  • actions that are performed with this data;
  • who and how has access to protected information;
  • responsibilities of persons carrying out processing;
  • responsibility for disclosure.

Sample Regulations on Personal Data of Employees - 2019

Access to the information

Of course, the operator (the one who carries out the processing) has access to the information. The subject himself has the right to contact the operator for information, including with a request to clarify, change or supplement it. The information is provided by the operator in an accessible form, and it should not contain information about other persons.

Article 14 of Federal Law No. 152 contains an exception under which the PD subject’s access to his data may be limited. We are talking about cases of legalization of criminally obtained money, cases when the data was obtained during an operational investigation, and other cases.

Responsibility

If information restricted in dissemination was communicated to other persons, then the guilty citizens will be held liable in the form of a fine in the amount of 500 or 1000 rubles. Officials will pay from 4,000 to 5,000 rubles for data leakage, according to Art. 13.14 Code of Administrative Offenses of the Russian Federation.

To prevent employees of your company from committing such violations, issue a local act and monitor compliance with it. If you need a sample Regulation on the processing of personal data of employees, you can download it in our article.

In addition, you may be fired for disclosing personal data, since this information is classified as protected by law. The basis (article) for termination of employment relations is subparagraph “c”, paragraph 6, part 1, article 81 of the Labor Code of the Russian Federation.

The regulation on personal data of employees is an internal local act of the organization, the presence of which is the focus of inspections carried out by Roskomnadzor. Therefore, many companies are puzzled by the question of how to develop a regulation on the protection of personal data (2019), if they did not previously have such a document. In this article we will tell you what to pay special attention to during its development in order to prevent violations of the law.

If I break the law

Employers began to receive letters from Roskomnadzor en masse warning that during an inspection of the company they could receive serious fines for violating the provisions of Law No. 152-FZ dated July 27, 2006 (hereinafter referred to as the Law). According to it, the employer is obliged to guarantee the protection of such information from unlawful access and use by third parties. The regulation on working with personal data of employees helps solve these problems.

On February 23, 2019, Government Resolution No. 146 of February 13, 2019 came into force, which approved the Rules for the organization and implementation of state control and supervision over the processing of personal data. According to the document, scheduled inspections will be carried out every 2-3 years, and the list of companies subject to control can be seen in advance on the Roskomnadzor website. As is the case with other types of control, inspectors will have to warn about the planned visit. If the inspection is scheduled, notice must be given 3 working days in advance, and if it is unscheduled, 24 hours in advance.

For violation of the Law, disciplinary, material, administrative and criminal liability is provided. Supervisory authorities may impose administrative liability under Art. 13.11 and 13.14 of the Code of Administrative Offenses; the fines are:

  • for officials: from 500 to 1000 rubles;
  • for an organization: from 5,000 to 10,000 rubles;
  • for officials in connection with the performance of official or professional duties: from 4,000 to 5,000 rubles.

The most common violations, according to inspectors, are the processing of personal data without the consent of their owner or with violations, failure to comply with the requirement to destroy personal information, and violation of the conditions for storing such information.

What is personal data

This is any information necessary for the employer when establishing an employment relationship that concerns an employee. For example, last name, first name, patronymic, date and place of birth, place of residence, etc.

Examples of documents containing personal data include:

  • employee card containing the person’s full name, information about family composition, education;
  • employment history with experience from previous places of work;
  • diplomas, certificates of education;
  • employment contract.

It is prohibited to receive and process data that is not directly related to work activities, for example, information about religion, nationality, and political affiliation. This information is obtained exclusively from the employees themselves. These conditions must be included in the provisions on the processing and protection of personal data. Employers are required to notify the employee and obtain his written consent to the processing, storage, use and distribution of his data.

Store data correctly

Personal data of employees is contained in their personal cards and personal files. The law obliges each specific enterprise to develop rules for the use and storage of data about its employees.

The provision on the protection of personal data can be either a separate document or a section included in the current Internal Labor Regulations.

To maintain the confidentiality of information about people working in the organization, a list of officials who have access to it is compiled. An order appoints a person responsible for the collection, storage and processing of confidential data. Employees, managers and the CEO of the enterprise sign a Non-Disclosure Agreement.

Information about personal data of employees at an enterprise can be stored both on paper and in electronic format. Nowadays, such information is most often stored in a mixed way.

Sample regulations on personal data of employees (2019) and its development

At the first stage of development, it is necessary to determine what data is used in the company, how it is received, stored, and processed.

To draw up organizational documents, general rules are used: the name of the organization and the date and number of the document are indicated in the header, and the approval stamp is placed in the upper right corner.

The provision includes the following information:

  • goals and objectives of the enterprise when working with confidential data;
  • lists of such data;
  • description of operations with data that are often used in the enterprise;
  • methods of accessing data;
  • lists and responsibilities of company personnel when using information;
  • rights of company employees to access information;
  • responsibility of enterprise employees for disclosure of information.

The regulations are approved by order of the head of the company. A sample regulation on the processing of personal data of employees should be available to all employees for review. They should put their signature on a sheet or in a logbook, which, as a rule, is kept by the employer’s personnel department. The logbook is a list of company employees, where everyone signs after reading this local act.

As of July 1, 2017, changes to Art. 13.11 of the Code of Administrative Offenses of the Russian Federation on administrative liability for violation of legislation on personal data of individuals took effect. Since the amendments affect everyone who uses personal data, we will consider these innovations in our article.

Processing of personal data – 2017

Personal data is any information directly or indirectly related to a specific individual (name, residential address, date of birth, passport details, telephone number, photo, email address, etc.). An organization, government agency or individual that collects and processes personal data is called an operator (Law on Personal Data dated July 27, 2006 No. 152-FZ). These include employers, as well as everyone who receives personal data from citizens: medical institutions, educational establishments, online stores, etc.

For the employer, such data is necessary in connection with employment relations. They can only be received personally from the employee himself, and from third parties - with his written consent. The individual gives written consent to the processing of personal data. The form is not approved by law; you can draw it up yourself, taking into account the requirements of paragraph 4 of Art. 9 of Law No. 152-FZ (Clause 3, Part 1, Article 86 of the Labor Code of the Russian Federation, Clause 1, Article 9 of Law 152-FZ).

Consent to the processing of personal data (sample)

It is unacceptable to collect and process personal data of an employee that is not related to his work activity, for example, about participation in public associations, religion, personal life and so on. The same applies to other operators who request data that is not related to the purpose of their processing (for example, indicating passport data in a questionnaire about assessing the site’s performance). The received data should not be disclosed to third parties or distributed without the consent of the individual (Article 7 of Law No. 152-FZ).

The operator is obliged to provide adequate protection to the data, for which it establishes the procedure for their receipt, processing and storage in the Regulations on Personal Data or other internal normative act. The document defines necessary measures, and a person responsible for processing is appointed. Access to such data should be allowed only to authorized persons, and they have the right to receive only the information necessary to perform specific functions (Article 88 of the Labor Code of the Russian Federation, Article 18.1 of Law No. 152-FZ).

The regulations on personal data, or another document on the policy for their processing, are publicly accessible and are presented at the request of authorized bodies. This applies to both employers and other operators (Parts 2 and 4 of Article 18.1 of Law No. 152-FZ).

Personal data – 2017: new in administrative responsibility

Law No. 13-FZ dated 02/07/2017 adopted a new edition of Article 13.11 of the Code of Administrative Offenses of the Russian Federation. If previously the article contained one single element - violation of the Federal Law on personal data, now it is a whole list of seven grounds for administrative liability and, accordingly, various fines. It is likely that if one operator is found to have committed several violations, he will face several fines, not just one.

Also, Articles 28.3 and 28.4 of the Code of Administrative Offenses of the Russian Federation have undergone changes, simplifying the process of bringing operators to justice: from 07/01/2017, protocols on violations of Law 152-FZ on personal data are drawn up by Roskomnadzor employees, and not by the prosecutor, as before. The period for bringing to justice remained the same - 3 months.

What are they fined for now?

So, here are the grounds on which entrepreneurs and organizations processing personal data can now be held administratively liable:

  • Data is processed in cases not provided for by the Federal Law on personal data, or its processing is incompatible with the purposes of collection (Part 1 of Article 13.11 of the Code of Administrative Offenses of the Russian Federation). Illegal use of personal data, if it does not entail criminal liability, is punishable by a warning or a fine: for individuals in the amount of 1,000-3,000 rubles, for officials - 5,000-10,000 rubles, for organizations - 30,000-50,000 rubles.
  • Processing of data without the written consent required by law (clause 2 of article 13.11 of the Code of Administrative Offenses of the Russian Federation). Consent to processing must contain the information specified in Part 4 of Art. 9 of Law 152-FZ on personal data. From July 1, the 2017 changes provide for a fine for its absence in the following amounts: for individuals - 3,000-5,000 rubles, for officials - 10,000-20,000 rubles, for organizations - 15,000-75,000 rubles.
  • Lack of unrestricted access to the operator’s policy in the field of processing personal data (clause 3 of article 13.11 of the Code of Administrative Offenses of the Russian Federation). The obligation to provide access is established in clause 2 of Art. 18.1 of Law 152-FZ on personal data. The inability to familiarize yourself with such a document on paper, or on a website if the data is collected via the Internet, will cost operators: 700-1,500 rubles - individuals, 3,000-6,000 rubles - officials, 5,000-10,000 rubles - individual entrepreneurs, 15,000-30,000 rubles - organizations; in the best-case scenario, the operator will get off with a warning.
  • Failure to provide a person with information regarding the processing of his personal data (clause 4 of article 13.11 of the Code of Administrative Offenses of the Russian Federation). The procedure for requesting such information is prescribed in Article 14 of Law 152-FZ. The changes from 07/01/2017 are as follows: the violation is subject to a warning or a fine of 1,000-2,000 rubles - individuals, 4,000-6,000 rubles - officials, 10,000-15,000 rubles - individual entrepreneurs, 20,000-40,000 rubles - organizations.
  • Failure to comply within the established time frame with the requirement to block, change or destroy personal data (Clause 5 of Article 13.11 of the Code of Administrative Offenses of the Russian Federation). An individual or his representative may make such demands if the data is incomplete, inaccurate, obtained in violation of the law, or out of date; this is established by Article 21 of the Law on Personal Data No. 152-FZ. Violators will receive a warning or a fine: 1,000-2,000 rubles - individuals, 4,000-10,000 rubles - officials, 10,000-20,000 rubles - individual entrepreneurs, 25,000-45,000 rubles - organizations.
  • Failure to comply with the conditions ensuring the safety of personal data during non-automated processing (Clause 6, Article 13.11 of the Code of Administrative Offenses of the Russian Federation). This applies to “paper” data, unauthorized access to which has caused its destruction, damage, illegal distribution, etc. Failure to ensure personal data protection in 2017 entails a fine of 700-2000 rubles. for citizens, 4,000-10,000 rubles. for officials, 10,000-20,000 rubles. for individual entrepreneurs and 25,000-50,000 rubles. for organizations.

These are the changes in the protection of personal data in 2017, effective from July 1. As we can see, the offenses have become more specific, and the fines for operators have become noticeably tougher.