Protection of personal data in the enterprise. How to draw up a regulation on the personal data of employees

Personal data is “any information relating to an identified or identifiable natural person”. This concept covers almost all the information that the employer operates on: the date of birth of the employee, marital status, education, home address, etc. This data is stored in personal cards, is actively used in employment contracts and contracts, orders, payslips, pay slips, applications and many other documents.

An employer can receive personal data only first-hand, that is, from the person himself. If it is not possible to personally collect information, it can be obtained through third parties, but with the consent of the employee himself. At the same time, he should explain for what purpose the information is collected, how it will be used and what will happen if the employee refuses to give his consent to the collection and processing of information about himself.

Legislation limits the list of situations when an employer can collect data. Among the main ones are:

preservation of life and health of subordinates;
assistance in employment and education;
assistance career growth;
control over the performance by the employee of his labor functions;
security material assets;
enforcement of laws.

Responsibility for violations in the work with personal data

From July 1, 2017, liability for errors in this area will seriously increase. The list of violations for which the employer can be held liable has been significantly expanded, and in addition, the amount of fines has been increased. Such changes are contained in the Federal Law “On Amendments to the Code Russian Federation on administrative offences. Instead of one kind administrative responsibility which was provided for by Art. 13.11, there are now seven types in the Code of Administrative Offenses of the Russian Federation, and each has its own fines:

Use of personal data for purposes not provided for by law. Administrative punishment - warning or fine: for individuals from 1,000 to 3,000 rubles, for officials - from 5,000 to 10,000 rubles, for legal entities- from 30,000 to 50,000 rubles.
Processing personal data without the consent of the employee. This also includes cases where the consent signed by the employee does not contain a list of information provided for in Part 4 of Art. 9 of the law. Administrative punishment - fines: for individuals - from 3,000 to 5,000 rubles, for officials - from 10,000 to 20,000 rubles, for legal entities - from 15,000 to 75,000 rubles.
Violation of the regime of access to the policy of the organization for the processing of personal data. The employer is obliged to publish in public sources a document that outlines its policy in the field of protecting the personal information of employees. This is provided for in paragraph 2 of Art. 18.1 of Law No. 152-FZ of July 27, 2006, and from July 1 it will be a separate offense that entails liability in the form of a warning or fines: for individuals - from 700 to 1,500 rubles, for officials - from 3,000 to 6,000 rubles, for individual entrepreneurs - from 5,000 to 10,000 rubles. and for legal entities - from 15,000 to 30,000 rubles.
Hiding information from the employee about the purposes, terms and methods of collecting, storing and processing information, about third parties who will work with personal information on behalf of the employer, etc. In such cases, the employer receives a warning or pays a fine: individuals - from 1,000 up to 2,000 rubles, officials - from 4,000 to 6,000 rubles, individual entrepreneurs - from 10,000 to 15,000 rubles, legal entities - from 20,000 to 40,000 rubles.
The refusal of the employer to block or destroy personal data in accordance with Art. 21 . Administrative responsibility - a warning or a fine: for individuals - from 1,000 to 2,000 rubles, for officials - from 4,000 to 10,000 rubles, for individual entrepreneurs - from 10,000 to 20,000 rubles, for legal entities - from 25,000 to 45,000 rubles
Lack of automation tools for storing personal data, storing information only in paper form. If such an employer has allowed the destruction, leakage, unauthorized copying and / or distribution of the employee's personal data, a fine is imposed on him: for individuals - from 700 to 2,000 rubles, for officials - from 4,000 to 10,000 rubles, for individual entrepreneurs - from 10,000 to 20,000 rubles, for a legal entity - from 25,000 to 50,000 rubles.
Non-compliance or violation of the procedure for depersonalization of data by employees of state and municipal authorities (Order of Roskomnadzor "On approval of requirements and methods for the depersonalization of personal data"). Administrative responsibility in this case threatens the official in the form of a warning or a fine of 3,000 to 6,000 rubles.

Legislation allows you to summarize fines for various violations, so mistakes or careless attitude to information about employees can be very costly for the employer. And besides, from July 1, 2017, it is allowed to initiate administrative cases regarding the handling of personal data without the participation of a prosecutor - Roskomnadzor officials will be able to initiate them (clause 58, part 2, article of the Code of Administrative Offenses of the Russian Federation).

Complying with the requirements of the law will help a properly drawn up Regulation on personal data, which should consolidate the norms of the law and specify them for the organization.

How to draw up a Regulation on personal data

The law does not stipulate the name, structure and mandatory content of the document, the employer has the right to determine how the Regulation will look like. When developing a document, the head of the organization and specialists personnel service must be based on the above Federal Law, as well as on Art. Labor Code RF.

The Regulation on personal data should reflect:

General provisions: goals and objectives of the organization in the field of personal data protection, the range of issues that are regulated by the Regulations.
Composition of personal data: information that the employer uses within the framework of labor relations with the employee, a list of documents containing such data.
The procedure for collecting and processing information, including methods and places of storage, measures to protect against unauthorized distribution. Among other things, the requirement to obtain information only from the person himself or, with his written consent, from third parties is prescribed here. The consent form can be issued as an annex to the Regulations.
The procedure for the transfer of personal data both within the organization and third parties and government agencies. This should reflect the legislative norm to transfer personal information about the employee to third parties only with his written consent. An exception is if it is necessary to protect the life and health of the employee.
List of employees with access to personal data. Most often, these are HR specialists, accountants, heads of structural divisions, etc.
Responsibility for the disclosure of personal data of employees. In the section, it is worth indicating the positions of those who are responsible for violating the rules for storing, processing and transferring personal data, as well as the types of liability provided for by law (we will talk about changes in this area in more detail below).

The regulation on the protection of the employee's personal data and the consent template are approved by the head of the organization. A stamp with a signature, date of approval and protocol number is placed on title page document. To put the Regulation into effect, the head issues a separate order.

All employees must be familiarized with the Regulation on personal data against signature. To do this, organizations often start a separate journal with a list of employees working in the company.

Consent to the processing of personal data

This is a document in which a person being hired allows the future employer to receive the necessary information and use it within the framework of current legislation.

The employer has no right to collect and use the personal information of employees without their written consent. An exception is data from medical institutions regarding contraindications to a certain type of activity.

Consent must include the following information (part 4 of article 9):

Full name, address of the employee, details of the passport (or other identification document);
Full name, address of the representative of the employee, details of his passport (or other identity document), details of the power of attorney;
name or full name and address of the employer receiving the consent of the personal data carrier;
a list of personal data for the processing of which consent is given;
purpose of personal data processing;
a list of actions with personal data for which consent is given, general description how this information is processed;
the period during which the consent of the employee is valid, as well as the method of its withdrawal, unless otherwise provided by federal law.

The document is signed by the employee after reading the Regulations. The same consent must be issued if a person allows third parties to provide information about themselves.

An employer does not have the right to force a potential employee to provide any information about himself. If the applicant refuses to sign the Consent, the organization may reconsider the admission of such a person to the staff. Any of the working employees of the organization can also withdraw their consent (part 2 of article 9).

After the employer has received the employee's consent to the processing of personal information, he can entrust this to a third party, but the responsibility for the safety of the information still lies with the employer.

Really large-scale changes have affected the spheres of personal data protection, and the employer should be doubly careful both when drawing up the Regulations and when working with personal information about employees. Remember, the more detailed and specific the Regulations on Personal Data are, the clearer the work in this area of personnel records will be built in the organization.

On July 1, 2017, Federal Law No. 13-FZ of February 7, 2017 “On Amendments to the Code of Administrative Offenses of the Russian Federation” (hereinafter referred to as Federal Law No. 13-FZ) comes into force, which details the list of violations in the field of personal data and increased the amount of administrative responsibility for them. In this regard, we decided to recall the main provisions federal law dated July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter - Federal Law No. 152-FZ) and Ch. 14 of the Labor Code of the Russian Federation, which regulate the rules for processing personal data of employees and guarantees for their protection.

Law on personal data in 2017

Personal data refers to any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data) (Article 3 of Federal Law No. 152-FZ).

According to paragraph "a" Art. 2 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (concluded in Strasbourg on January 28, 1981), personal data means any information about a specific or identifiable natural person (data subject).

By virtue of paragraph 3 of Art. 3 of Federal Law No. 152-FZ, any actions or operations with personal data are considered to be their processing. Such actions include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer of personal data (their distribution, provision, access to them), depersonalization, blocking, deletion, destruction of data. All these actions can be performed with or without the use of automation tools.

Organization of work with personal data.

According to Part 1 of Art. 57 of the Labor Code of the Russian Federation in the employment contract must indicate the last name, first name, patronymic of the employee, information about documents proving his identity, TIN. This means that every employer, concluding labor contract receives information relating to personal data. Such information is contained in the documents presented by the employee when applying for a job:

in passport;
in a military ID (for those liable for military service);
in the certificate of assignment of TIN;
in the insurance pension certificate;
in education documents;
in the driver's license and documents for the car, if required in connection with the performance of the labor function;
on the medical certificate medical examination (medical book), if it is necessary in connection with the performance of the employee's labor function.

Article 86 of the Labor Code of the Russian Federation establishes General requirements which the employer and his representatives must comply with when processing personal data in order to ensure the rights and freedoms of man and citizen:

the processing of personal data of an employee may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts, assisting employees in finding employment, education and promotion, ensuring the personal safety of employees, controlling the quantity and quality of work performed and ensuring the safety of property;
when determining the scope and content of the processed personal data of an employee, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws;
all personal data of the employee should be obtained from him. If the employee's personal data can only be obtained from a third party, the employee must be notified of this in advance and written agreement. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them;
the employer does not have the right to receive and process information about the employee that, in accordance with the legislation of the Russian Federation in the field of personal data, belongs to special categories of personal data, with the exception of cases provided for by the Labor Code of the Russian Federation and other federal laws;
the employer does not have the right to receive and process the personal data of the employee about his membership in public associations or his trade union activities, except in cases established by the Labor Code of the Russian Federation or other federal laws;
when making decisions affecting the interests of the employee, the employer does not have the right to rely on the employee's personal data obtained solely as a result of their automated processing or electronic receipt;
protection of the employee's personal data from their misuse or loss must be ensured by the employer at his expense in the manner established by the Labor Code of the Russian Federation and other federal laws;
employees and their representatives must be familiarized under signature with the documents of the employer establishing the procedure for processing the personal data of employees, as well as their rights and obligations in this area;
employees should not waive their rights to maintain and protect secrets;
employers, employees and their representatives should jointly develop measures to protect the personal data of employees.

In accordance with paragraph 2 of part 1 of Art. 18.1 of Federal Law No. 152-FZ, each organization is obliged to issue a document defining its policy regarding the processing of personal data, a local act on the processing of personal data, as well as a local act establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations.

The absence in the organization of a local regulatory act establishing the procedure for processing personal data of employees is a violation labor law and entails administrative responsibility under Art. 5.27 of the Code of Administrative Offenses of the Russian Federation (decisions of the Moscow City Court dated August 29, 2011 No. 4a-1743/11, 4a-1742/11, FAS MO dated November 27, 2006 No. KA-A40 / 11424-06 in case No. A40-17389 / 06-146- 165, dated 01.11.2006, 08.11.2006 No. КА-А40/10787-06 in case No. А40-32068/06-96-156).

The employer is obliged to ensure such a procedure for storing personal data that would limit unauthorized access to them. The right of access to personal data of an employee, in particular, has:

head of the organization (employer - individual entrepreneur);
immediate supervisor of the employee;
head of the personnel department;
personnel department staff;
accounting staff.

Since not only the head of the organization can have access to personal data, employees of the organization are also responsible for disclosing personal data. For example, according to paragraph "c" part 6 of Art. 81 of the Labor Code of the Russian Federation, an employment contract with an employee can be terminated at the initiative of the employer in the event of disclosure of a legally protected secret (state, commercial, official and other), which has become known to the employee in connection with the execution of job duties, including when disclosing personal data of another employee.

Law on Personal Data in 2017

The regulation on the features of the processing of personal data carried out without the use of automation tools was approved by Decree of the Government of the Russian Federation of September 15, 2008 No. 687 (hereinafter referred to as the Regulation).

According to clause 6 of the Regulations, persons processing personal data without using automation tools (including employees of the operating organization or persons carrying out such processing under an agreement with the operator) must be informed of:

about the fact of their processing personal data, the processing of which is carried out by the operator without the use of automation tools;
on the categories of processed personal data;
about the features and rules for the implementation of such processing, established by the regulatory legal acts of the federal executive authorities, executive authorities of the constituent entities of the Russian Federation, as well as local legal acts of the organization (if any).

Measures to ensure the security of personal data during their processing carried out without the use of automation tools		The processing of personal data without the use of automation tools should be carried out in such a way that for each category of personal data it is possible to determine the places of storage of personal data (tangible media) and establish a list of persons processing personal data or having access to them

		It is necessary to ensure separate storage of personal data (tangible media), the processing of which is carried out for various purposes

		When storing material media, conditions must be observed to ensure the safety of personal data and exclude unauthorized access to them. The list of measures necessary to ensure such conditions, the procedure for their adoption, as well as the list of persons responsible for the implementation of these measures, are established by the operator

Note:

All documents containing personal data of employees, such as personal files, file cabinets, accounting journals, should be stored in specially equipped cabinets or safes that are locked and sealed. Employment records of employees should be kept in a safe separate from personal files.

Registration of the consent of the employee to the transfer of his personal data.

In accordance with Art. 88 of the Labor Code of the Russian Federation, the transfer of personal data of an employee to a third party without the written consent of the specified employee is not allowed, except as provided by law. We will immediately list the situations when the consent of the employee to the transfer of his personal data is not required.

The consent of the employee to the transfer of his personal data is not required	Legislation
To third parties in order to prevent a threat to the life and health of an employee	Paragraph 2 of Art. 88 of the Labor Code of the Russian Federation, para. 1 p. 4 Clarifications of Roskomnadzor
In the FSS, PFR in the amount prescribed by law	Paragraph 15, part 2, art. 22 of the Labor Code of the Russian Federation, paragraph 2 of Art. 12 of the Federal Law of July 16, 1999 No. 165-FZ, paragraphs 1, 2 of Art. 9, paragraph 1, 2, 2.1, 3 art. 11, par. 2 hours 2 tbsp. 15 of the Federal Law of April 1, 1996 No. 27-FZ, paragraph 2 of Art. 14 of the Federal Law of December 15, 2001 No. 167-FZ, para. 3 p. 4 Clarifications of Roskomnadzor
To the tax authorities	Subparagraphs 1, 2, 4, paragraph 3 of Art. 24 of the Tax Code of the Russian Federation, par. 5 p. 4 Clarifications of Roskomnadzor
to military commissariats	Paragraph 4, paragraph 1, Art. 4 of the Federal Law of March 28, 1998 No. 53-FZ, paras. "g" n. 30, pp. “a” - “c”, “e”, “e” p. 32 of the Regulations on military registration, approved by Decree of the Government of the Russian Federation of November 27, 2006 No. 719, para. 5 p. 4 Clarifications of Roskomnadzor
At the request of trade unions in order to monitor compliance with labor laws by the employer	Paragraph 5, part 6, art. 370 of the Labor Code of the Russian Federation, paragraph 1 of Art. 17, paragraph 1 of Art. 19 of the Federal Law of January 12, 1996 No. 10-FZ, para. 5 p. 4 Clarifications of Roskomnadzor
At the motivated request of the prosecutor's office	Paragraph 1 of Art. 22 of the Federal Law of January 17, 1992 No. 2202-1, para. 7 p. 4 Clarifications of Roskomnadzor
On a motivated request law enforcement and security agencies	Article 6 of the Federal Law of July 29, 2004 No. 98-FZ, clause 4, part 1, art. 13 of the Federal Law of 07.02.2011 No. 3-FZ, paragraph "m" part 1 of Art. 13 of the Federal Law of 03.04.1995 No. 40-FZ, para. 7 p. 4 Clarifications of Roskomnadzor
On request from state inspectors labor in the implementation of their supervisory and control activities	Paragraph 3, part 1, art. 357 of the Labor Code of the Russian Federation, para. 7 p. 4 Clarifications of Roskomnadzor
To the authorities and organizations that must be notified of a serious accident, including a fatal one	Paragraph 5 of Art. 228 of the Labor Code of the Russian Federation. The list of notified bodies and the deadlines for sending notices of an accident are established by Art. 228.1 of the Labor Code of the Russian Federation
In cases related to the performance by the employee official duties, including when sent on a business trip	Parts 5 - 5.2 Art. 11 of the Federal Law of 09.02.2007 No. 16-FZ, clause 19 of the Rules for the provision of hotel services in the Russian Federation, approved by Decree of the Government of the Russian Federation of 09.10.2015 No. 1085, para. 2 p. 2 Decree of the Government of the Russian Federation No. 1085, para. 4 p. 4 Clarifications of Roskomnadzor
To provide information to a bank serving bank cards employees, provided that in the card issuance agreement ( collective agreement, a local regulatory act of the organization) contains a clause on the right of the employer to transfer personal data of employees or the employer acts on the basis of a power of attorney to represent the interests of employees	Paragraph 10 p. 4 Clarifications of Roskomnadzor

In all other cases, the transfer of personal data is made with the written consent of the employee, from which it should be clear to whom his personal data will be transferred and for what purpose.

In addition, the employer is obliged to warn persons receiving personal data that this information can only be used for the purposes for which it is provided, and require these persons to confirm that this rule has been observed.

Control and supervision of the processing of personal data.

Control and supervision over the processing of personal data of employees is carried out in accordance with Ch. 5 of Federal Law No. 152-FZ.

Note:

The authorized body for the protection of the rights of subjects of personal data, which is entrusted with ensuring control and supervision over the compliance of the processing of personal data, is the federal executive body exercising the functions of control and supervision in the field of information technologies and connections. Currently, this is the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) (Decree of the Government of the Russian Federation dated March 16, 2009 No. 228 “On the Federal Service for Supervision of Communications, Information Technology and Mass Communications”).

Taking into account the amendments made by Federal Law No. 16-FZ, from March 1, 2017, the activities of Roskomnadzor in the field of personal data processing are classified as state control and supervision. Now Roskomnadzor protects the rights of personal data subjects - individuals and will conduct inspections of organizations and entrepreneurs (personal data operators), as well as control the processing of personal data by other operators. The procedure for conducting inspections and other control measures is determined by the Government of the Russian Federation (parts 1, 1.1, article 23 of Federal Law No. 152-FZ).

The authorized body for the protection of the rights of subjects of personal data considers the appeals of the subject of personal data on the compliance of the content of his personal data and the methods of their processing with the purposes of processing such data and makes an appropriate decision.

The employer should familiarize himself with the provisions of the Order of the Ministry of Telecom and Mass Communications of the Russian Federation of November 14, 2011 No. 312, which approved Administrative regulation on the performance by this service of the functions of exercising state control (supervision) over the correctness of the processing of personal data. The subject of control are:

documents, the nature of the information in which implies or allows the inclusion of personal data in them;
Information Systems personal data;
processing activities.

Bringing to administrative responsibility for personal data.

According to Art. 90 of the Labor Code of the Russian Federation, persons guilty of violating the provisions of the legislation of the Russian Federation in the field of personal data when processing the personal data of an employee are subject to disciplinary and material liability in the manner established by the Labor Code of the Russian Federation and other federal laws, as well as to civil, administrative and criminal liability in accordance with in the manner prescribed by federal law.

Paragraph 2 of Art. 23 of Federal Law No. 152-FZ establishes that the authorized body for the protection of the rights of subjects of personal data has the right to bring to administrative responsibility persons guilty of violating the provisions of this law. The amount of administrative responsibility for violation of the law on personal data is provided for in Art. 13.11 of the Code of Administrative Offenses of the Russian Federation.

Federal Law No. 13-FZ Art. 13.11 of the Code of Administrative Offenses of the Russian Federation is set out in new edition. In particular, the list of violations in the field of personal data has been detailed and the amount of administrative responsibility for them has been increased. The new version of this article will apply on July 1, 2017.

Responsibility for personal data. Note:

Prior to the entry into force of the amendments to Art. 13.11 of the Code of Administrative Offenses of the Russian Federation provides that a violation of the requirements of Ch. 14 of the Labor Code of the Russian Federation, Federal Law No. 152-FZ, Federal Law No. 27-FZ and other laws that determine the procedure for collecting, storing, using or distributing information about citizens (their personal data), entails a warning or the imposition of an administrative fine:

for officials - in the amount of 500 to 1,000 rubles;
for legal entities - in the amount of 5,000 to 10,000 rubles.

Starting from 07/01/2017, the following administrative liability for violations of the law on personal data is provided.

Type of violation	The amount of the fine, rub.
Type of violation	For legal entities	For officials
Processing of personal data in cases not provided for by the legislation of the Russian Federation in the field of personal data, or their processing incompatible with the purposes of collecting personal data, except for the cases specified below, if these actions do not contain a criminally punishable act	From 30,000 to 50,000	From 5,000 to 10,000
Processing of personal data without the consent in writing of the subject of personal data to their processing in the case when such consent must be obtained in accordance with the legislation of the Russian Federation in the field of personal data, if these actions do not contain a criminally punishable act	From 15,000 to 75,000	From 10,000 to 20,000
Processing of personal data in violation of the requirements established by the legislation of the Russian Federation in the field of personal data for the composition of information reflected in the consent of the subject of personal data to their processing in writing	From 15,000 to 75,000	From 10,000 to 20,000
Failure to comply with the obligation stipulated by the legislation of the Russian Federation in the field of personal data to publish a document defining the operator's policy regarding the processing of personal data, or information about the implemented requirements for the protection of personal data or otherwise providing unlimited access to them	From 15,000 to 30,000	From 3,000 to 6,000
Failure to comply with the obligation stipulated by the legislation of the Russian Federation in the field of personal data to provide the subject of personal data with information regarding the processing of his personal data	From 20,000 to 40,000	From 4,000 to 6,000
Failure by the operator to fulfill, within the time limits established by the legislation of the Russian Federation in the field of personal data, the requirements of the subject of personal data or his representative, or authorized body on protecting the rights of personal data subjects to clarify personal data, block it or destroy it if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing	From 25,000 to 45,000	From 4,000 to 6,000
Failure by the operator, when processing personal data without the use of automation tools, of the obligation to comply with the conditions that ensure, in accordance with the legislation of the Russian Federation in the field of personal data, the safety of personal data when storing physical media of personal data and excluding unauthorized access to them, if this resulted in illegal or accidental access to personal data data, their destruction, modification, blocking, copying, provision, distribution or other illegal actions in relation to personal data, in the absence of signs of a criminally punishable act	From 25,000 to 50,000	From 4,000 to 10,000
Failure by the operator, which is a state or municipal body, to fulfill the obligation to depersonalize personal data provided for by the legislation of the Russian Federation in the field of personal data, or non-compliance established requirements or methods for their depersonalization		From 3,000 to 6,000

Criminal liability.

Criminal liability for violation of privacy is established in Art. 137 of the Criminal Code of the Russian Federation.

Part 2 of this article provides that the illegal collection or dissemination of information about the private life of a person, committed by a person using his official position, is punishable by:

or a fine in the amount of 100,000 to 300,000 rubles. or in the amount of wages (other income of the convict) for a period of one to two years;
or deprivation of the right to hold certain positions or carry out certain activities for a period of two to five years;
or forced labor for up to four years with deprivation of the right to hold certain positions or carry out certain activities for up to five years or without it;
or arrest for up to six months, imprisonment for up to four years with deprivation of the right to hold certain positions or carry out certain activities for up to five years.

Compensation for moral damage.

According to Art. 24 of Federal Law No. 152-FZ, persons guilty of violating the requirements of this regulatory legal instrument, bear the responsibility provided by the legislation of the Russian Federation.

Moral damage caused to the subject of personal data as a result of violation of his rights, violation of the rules for processing personal data established by this law, as well as requirements for the protection of personal data, is subject to compensation in accordance with the legislation of the Russian Federation. Compensation for moral damage is carried out regardless of compensation for property damage and losses incurred by the subject of personal data.

* * *

In conclusion, we list the main obligations of the employer, which he must fulfill when working with personal data:

develop and adopt local regulations governing the storage and use of personal data of employees;
appoint a person responsible for organizing the processing of personal data;
establish a list of persons processing personal data or having access to them;
establish a list of places for storing documentation that is a carrier of personal data of employees, as well as a list of measures necessary to ensure the safety of personal data, the procedure for their adoption;
to acquaint employees under the signature with the regulation on the organization of work with personal data;
take the written consent of employees to the processing of personal data, which must be specific and informed and contain exactly the information to which employees give consent for processing, as well as consent to transfer their personal data to third parties indicating these persons;
send a notification to Roskomnadzor about the processing of personal data of employees in cases provided for by the legislation of the Russian Federation.

For failure to comply with these requirements of the legislation, the employer may be held administratively liable, and in some cases - criminally.

Clarifications of Roskomnadzor “Issues relating to the processing of personal data of employees, job seekers vacancies, as well as persons in the personnel reserve”, published on the website http://www.rsoc.ru 24.12.2012.

Federal Law No. 16-FZ dated February 22, 2017 “On Amendments to Chapter 5 of the Federal Law “On Personal Data” and Article 1 of the Federal Law “On the Protection of the Rights of Legal Entities and individual entrepreneurs when exercising state control (supervision) and municipal control”.

The administrative regulation on the performance by the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Media of the state function of exercising state control (supervision) over the compliance of the processing of personal data with the requirements of the legislation of the Russian Federation in the field of personal data, is valid as amended on November 24, 2014.

S. E. Nesterov,

I APPROVE ____________________________________ (name of the position of the head of the enterprise)

____________________________________ (full name, signature)

"____"___________________ _____ G.

POSITION

on the processing and protection of personal data of employees

1. GENERAL PROVISIONS

1.1. This Regulation establishes the procedure for obtaining, recording, processing, accumulating and storing documents containing information related to the personal data of employees of the enterprise. Employees are persons who have entered into an employment contract with the enterprise.

1.2. The purpose of this Regulation is to protect the personal data of employees of the enterprise from unauthorized access and disclosure. Personal data is always confidential, strictly protected information.

1.3. The basis for the development of this Regulation is the Constitution of the Russian Federation, the Labor Code of the Russian Federation, and other current regulatory legal acts of the Russian Federation.

1.4. These Regulations and amendments to it are approved by the head of the enterprise and introduced by order for the enterprise. All employees of the enterprise must be familiarized with this Regulation and amendments to it against signature.

2. CONCEPT AND COMPOSITION OF PERSONAL DATA

2.1. The personal data of employees is understood as information necessary for the employer in connection with labor relations and relating to a particular employee, as well as information about the facts, events and circumstances of the employee's life, allowing to identify his personality.

2.2. The composition of the employee's personal data:

Autobiography;

Education;

Information about labor and general experience;

Information about the previous place of work;

Information about the composition of the family;

Passport data;

Information about military registration;

Information about wages employee

Information about social benefits;

Speciality;

Position held;

The amount of wages;

Having a criminal record;

Residence address;

Home phone;

Originals and copies of orders on personnel;

Personal files and work books of employees;

Grounds for orders on personnel;

Copies of reports sent to the statistical authorities;

Copies of education documents;

results medical examination on the subject of suitability for the implementation of labor duties;

Photos and other information related to the personal data of the employee;

2.3. These documents are confidential. The confidentiality regime of personal data is removed in cases of depersonalization or after ____ years of storage period, unless otherwise provided by law.

3. OBLIGATIONS OF THE EMPLOYER

3.1. In order to ensure the rights and freedoms of man and citizen, the employer and his representatives, when processing the personal data of the employee, must comply with the following general requirements:

3.1.1. The processing of personal data of an employee may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts, assisting employees in employment, training and promotion, ensuring the personal safety of employees, controlling the quantity and quality of work performed and ensuring the safety of property.

3.1.2. When determining the scope and content of the processed personal data of an employee, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.

3.1.3. All personal data of the employee should be obtained from him. If the employee's personal data can only be obtained from a third party, then the employee must be notified of this in advance and written consent must be obtained from him. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them.

3.1.4. The employer does not have the right to receive and process the personal data of the employee about his political, religious and other beliefs and private life. In cases directly related to issues of labor relations, in accordance with Art. 24 of the Constitution of the Russian Federation, an employer has the right to receive and process data on the private life of an employee only with his written consent.

3.1.5. The employer does not have the right to receive and process the employee's personal data on his membership in public associations or his trade union activities, except as otherwise provided by federal law.

3.1.6. When making decisions affecting the interests of the employee, the employer does not have the right to rely on the employee's personal data obtained solely as a result of their automated processing or electronic receipt.

3.1.7. The protection of the employee's personal data from their unlawful use or loss must be ensured by the employer at his expense in the manner prescribed by federal law.

3.1.8. Employees and their representatives must be familiarized against signature with the documents of the enterprise that establish the procedure for processing personal data of employees, as well as their rights and obligations in this area.

3.1.9. Employees must not waive their rights to maintain and protect secrecy.

4. EMPLOYEE RESPONSIBILITIES

The employee is obliged:

4.1. Transfer to the employer or his representative a set of reliable documented personal data, the list of which is established by the Labor Code of the Russian Federation.

4.2. In a timely manner, within a reasonable time, not exceeding 5 days, inform the employer about changes in their personal data.

5. RIGHTS OF THE EMPLOYEE

The employee has the right:

5.1. For full information about their personal data and the processing of this data.

5.2. Free access to their personal data, including the right to receive copies of any record containing the employee's personal data, except as otherwise provided by the legislation of the Russian Federation.

5.3. To access medical data with medical specialist of your choice.

5.4. Demand the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of the requirements defined by labor legislation. If the employer refuses to delete or correct the personal data of the employee, he has the right to declare in writing to the employer his disagreement with the appropriate justification for such disagreement. The employee has the right to supplement personal data of an evaluative nature with a statement expressing his own point of view.

5.5. Require the employer to notify all persons who were previously provided with incorrect or incomplete personal data of the employee about all exceptions, corrections or additions made to them.

5.6. Appeal in court any illegal actions or inaction of the employer in the processing and protection of his personal data.

5.7. Designate your representatives to protect your personal data.

6. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

6.1. The processing of personal data of an employee is the receipt, storage, combination, transfer or any other use of personal data of an employee.

6.2. All personal data of the employee should be obtained from him. If the employee's personal data can only be obtained from a third party, then the employee must be notified of this in advance and written consent must be obtained from him.

6.3. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them.

6.4. The employee provides the employer with reliable information about himself. The employer checks the accuracy of the information by comparing the data provided by the employee with the documents available to the employee. The provision by an employee of false documents or false information when applying for a job is the basis for terminating the employment contract.

6.5. When applying for a job, an employee fills out a questionnaire and an autobiography.

6.5.1. The questionnaire is a list of questions about the employee's personal data.

6.5.2. The questionnaire is filled out by the employee himself. When filling out the questionnaire, the employee must fill in all its columns, give full answers to all questions, avoid corrections or strikethroughs, dashes, blots in strict accordance with the entries contained in his personal documents.

6.5.3. Autobiography - a document containing a description in chronological order of the main stages of the life and activities of the hired employee.

6.5.4. The autobiography is compiled in free form, without blots and corrections.

6.5.5. The questionnaire and CV of the employee must be kept in the personal file of the employee. The personal file also stores other personal records relating to the personal data of the employee.

6.5.6. The personal file of the employee is drawn up after the issuance of an order for employment.

6.5.7. All documents of the personal file are filed in the cover of the sample established at the enterprise. It indicates the surname, name, patronymic of the employee, the number of the personal file.

6.5.8. Each file is accompanied by two ______ size color photographs of the worker.

6.5.9. All documents received in the personal file are arranged in chronological order. Sheets of documents filed in a personal file are numbered.

6.5.10. Personal business is conducted throughout labor activity worker. Changes made to the personal file must be confirmed by relevant documents.

7. TRANSFER OF PERSONAL DATA

7.1. When transferring personal data of an employee, the employer must comply with the following requirements:

Do not disclose the personal data of the employee to a third party without the written consent of the employee, except when it is necessary in order to prevent a threat to the life and health of the employee, as well as in cases established by federal law;

Do not disclose the employee's personal data for commercial purposes without his written consent;

Warn persons receiving employee personal data that the data may only be used for the purposes for which it is disclosed, and require these persons to confirm that this rule has been observed. Persons receiving personal data of an employee are required to maintain confidentiality. This provision does not apply to the exchange of personal data of employees in the manner prescribed by federal laws;

Allow access to personal data of employees only specifically authorized persons, while these persons should have the right to receive only those personal data of the employee that are necessary for the performance of specific functions;

Do not request information about the health status of the employee, with the exception of information that relates to the issue of the employee's ability to perform a labor function;

Transfer personal data of an employee to employee representatives in the manner prescribed by the Labor Code of the Russian Federation, and limit this information only to those personal data of an employee that are necessary for the specified representatives to perform their functions.

8. ACCESS TO EMPLOYEE'S PERSONAL DATA

8.1. Internal access (access within the enterprise).

The following persons have the right to access personal data of an employee:

Head of the enterprise;

Head of the Human Resources Department;

Heads of structural divisions in the direction of activity (access to personal data only of employees of their division) in agreement with the head of the enterprise;

When transferring from one structural unit in another, the head of the new division may have access to the employee's personal data in agreement with the head of the enterprise;

Accounting staff - to the data that is necessary to perform specific functions;

The worker himself, the data carrier.

8.2. external access.

Personal data outside the organization may be submitted to state and non-state functional structures:

Tax inspections;

Law enforcement agencies;

bodies of statistics;

insurance agencies;

military registration and enlistment offices;

Social insurance bodies;

pension funds;

Subdivisions of municipal governments.

8.3. Other organizations.

Information about an employee (including a dismissed employee) can be provided to another organization only upon a written request on the organization's letterhead with a copy of the employee's application attached.

8.4. Relatives and family members.

Personal data of an employee may be provided to relatives or members of his family only with the written permission of the employee.

9. PROTECTION OF PERSONAL DATA OF EMPLOYEES

9.1. In order to ensure the safety and confidentiality of personal data of employees of the organization, all operations for the design, formation, maintenance and storage of this information should be performed only by employees of the personnel department who carry out this work in accordance with their official duties, fixed in their job descriptions.

9.2. Answers to written requests from other organizations and institutions within their competence and powers granted are given in writing on the letterhead of the enterprise and to the extent that allows not disclosing an excessive amount of personal information about employees of enterprises.

9.3. The transfer of information containing information about the personal data of employees of the organization by telephone, fax, e-mail without the written consent of the employee is prohibited.

9.4. Personal files and documents containing personal data of employees are stored in lockers (safes) that provide protection against unauthorized access.

9.5. Personal computers, which contain personal data, must be protected by access passwords.

10. RESPONSIBILITY FOR DISCLOSURE OF INFORMATION,

RELATED TO THE PERSONAL DATA OF THE EMPLOYEE

10.1. Persons guilty of violating the rules governing the receipt, processing and protection of personal data of an employee shall bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.

Head of Human Resources: ______________

The GIT inspector will check whether the employer has approved the Regulation on working with personal data. How to draw up a document so that its content complies with the law and a ready-made sample document, look in the article.

In the article:

Download related documents:

Regulations on personal data of employees: 2020 sample

In the process of employment, and often even earlier, even at the stage of preliminary questionnaires and interviews, the employee provides the employer with certain information of a personal nature. Such information is classified as confidential and is not subject to disclosure to third parties. Moreover, not all types of information can be requested - for example, the question of the applicant's religious affiliation or political views will be inappropriate in any interview.

The employer is allowed to be interested only in those aspects of the employee's personal life that are directly related to his work and can affect the quality of its performance.

The definition of personal data is contained in the law No. 152-FZ of July 27, 2006. This is a key normative document, at the federal level, fixing the basic norms and principles for handling personal information. According to Article 3 of Law No. 152-FZ, personal any data related directly or indirectly to a specific subject (natural person) is considered. The subject may provide information about himself to the operator - a state or municipal authority, an employer (legal entity or individual).

Regulations on working with personal data of employees

The operator does not have the right to process the information received or disclose it to third parties without the consent of the subject. Protection of personal information provided by the legislation of the Russian Federation: the aforementioned federal law No. 152-FZ, separate articles of the Labor, Criminal and Civil Codes RF, as well as Art. 5.39 and 13.11-13.14 of the Code of Administrative Offenses of the Russian Federation. These rules apply to organizations of all forms of ownership.

Each company that collects personal information about its employees must draw up and approve a policy on the protection of personal data of employees. This is the name of a local regulation that establishes the procedure for working with personal data within a particular enterprise in accordance with the requirements of Art. 87 of the Labor Code of the Russian Federation. In the sphere of the state civil service, the “Regulations on the personal data of a state civil servant and the conduct of his personal file” are being developed, as required by Decree of the President of the Russian Federation No.

In order to draw up the Regulations on the processing of personal data without errors, use the online service "Personnel Systems"

Take advantage now

Main types of personal information

Conventionally, the entire amount of personal data about a particular subject can be divided into five types:

general;
public;
impersonal;
special;
biometric.

General information is a person's passport data (last name, first name, patronymic, date of birth, marital status), address, telephone number, information about the education received, etc. The current legislation does not contain an exhaustive list of general data, but it lists in great detail the types of special data for which special rules for collection, processing and storage are established. These include information about:

state of health;
intimate life;
having a criminal record;
religion;
philosophical and political beliefs;
racial and national identity.

It is possible to request special data for processing only in strictly defined cases - for the purposes of medical (with the obligatory observance of medical secrecy) or insurance services, for the administration of justice, in the framework of countering terrorism, to protect the life or health of the subject. Criminal record information is processed only if there is a federal law requiring such processing. In addition, it is not forbidden to process special information if the subject himself gave it to him or made it publicly available.

Crib. When personal data can be processed without the consent of the employee

Attention! Public information is considered to be information posted by the owner in public sources - newspapers, magazines, address and telephone directories, social networks.

Biometric refers to information about the physiological or biological characteristics of a particular person: height, physique, fingerprints, drawing of the iris, the results of genetic and other studies that allow to establish his identity. Sometimes you can't do without them. A typical case of using “biometrics” is described in the note “Can an employer take fingerprints of employees to organize access control”: the results of fingerprinting allow you to instantly identify an employee, which is very important when holding events with limited access.

Biometric data should be processed and stored in accordance with Decree of the Government of the Russian Federation No. 512 dated July 6, 2008. After the purpose of processing is achieved or lost, biometric, special and general personal data must be depersonalized. It is impossible to establish the ownership of impersonal information (for example, the processed results of statistical reports and surveys) to a specific person.

Attention! Data that, for objective reasons, cannot be anonymized must be destroyed.

When drawing up a regulation on the personal data of employees, do not forget to prescribe the rules for processing various types of information, including biometric information, if the organization collects and uses it in its work.

What functions does the regulation on the protection of personal data perform

One way or another, the employer gets access to certain information about the private life of the employee. Filling out, providing various benefits and compensations, filing a tax deduction - this is just a small list of standard procedures for which you have to ask the employee for information about the state of health, family composition, etc. And since processing is carried out, then a provision on the protection of personal data is also necessary (a sample document is discussed below).

Attention! You need to receive personal information about an employee directly from him, and not from third parties.

Even within the same organization, personal information can only be transferred in accordance with local regulations. normative act, with which all personnel must first familiarize themselves under the signature. The need for such familiarization is enshrined in paragraph 8 of Art. 86 of the Labor Code of the Russian Federation.

Regulations on personal data of employees: sample structure

The very concept of information processing covers different types operations listed in clause 3, article 3 of federal law No. 152-FZ. First, the collection, recording and systematization of information is carried out. Then there is their accumulation, storage and use. Data can be refined, updated or modified, retrieved and transferred. If there is no need to use personalized information, it is depersonalized or destroyed. Therefore, the regulation on working with personal data of employees is divided into sections devoted to different stages of information processing:

general provisions;
receiving and systematization;
storage;
usage;
broadcast;
confidentiality guarantees.

Of course, the proposed structure can be adjusted as needed - to combine existing sections and add new ones, include additional lists and applications. But even the simplest model provision about the personal data of an employee is a convenient starting blank, on the basis of which you can develop a full-fledged document adapted to the working conditions of a particular enterprise.

Regulation on personal data: the procedure for processing and storing information

When developing a provision on personal data, a sample can be used as a basis. Particular attention should be paid to the sections devoted to the procedure for collecting, organizing and storing information. The more detailed each item is, the better and safer it is for the employer. If a mandatory survey of applicants is carried out, describe the procedure as accurately as possible and list the specific types of information requested:

The storage of any media of personal information - paper, electronic and any other - involves restricting access to them. For this purpose, separate rooms, safes, lockers, special folders and password-protected electronic databases are used. Only a limited circle of officials can request confidential information without special permission.

All these nuances must be included in the regulation on the protection of personal data of employees. A sample of the relevant section would look something like this:

Each employee has the legal right to know exactly how and to what extent his personal data is processed and used, as well as to correct or delete incorrect, incomplete or improperly processed information about himself.

Regulations on working with personal data of employees: a sample design for a section on the transfer of information

The employer is allowed to transfer personal information to third parties, but only under certain circumstances - for example, in order to prevent a threat to the life and health of an employee or in cases provided for by federal laws. In this case, the data does not become publicly available, but is confidentially transferred to an authorized person.

In all other cases, the rule enshrined in Article 7 of Law No. 152-FZ applies and requires each time such a need arises to request from the subject. At the same time, the data is transmitted in a limited amount necessary to perform specific function and no more.

Be sure to add a section on the rules for the transfer of confidential information in the policy on personal data of employees. An example section looks like this:

The employer must keep a record of the issuance of any personal information relating to employees of the enterprise. For this purpose, it starts special magazine(book) or electronic document. Ideally, records should be duplicated, keeping both electronic and paper media.

How to approve the regulation on the personal data of employees: a sample order

There are two ways to approve the provision on the protection of personal data of employees: or simply provide a special field for certification details on the form of the main document. Employers who do not want to multiply the amount of paper work usually prefer the second method and add the necessary fields to the "header" of the document.

Approving the document, the head of the organization puts on it personal signature and print. If the first, more time-consuming method of approval is chosen, an appropriate administrative document is drawn up. It is formatted in general order and, in fact, is no different from the standard.

If the employer previously applied a different version of the regulation, when the new version is put into effect, the order approving the Regulation on working with personal data or any other local act is used as a sample.

Order on approval of the Regulations on the work with personal data

Attention! If the organization has a legal department or in-house legal adviser, it is recommended that they agree with them on the protection of personal data of employees before the document is sent for final approval to the head of the enterprise.

Notice of personal data processing

In addition to a number of basic measures to protect the personal data of personnel, the law provides for another obligation of the operator - to notify Roskomnadzor of the forthcoming processing of personal data. This rule is present in Russian legislation since 2007. The notification form currently in use was approved in 2008.

We note right away that the notification requirement does not apply to all employers. According to Article 22 of Law No. 152-FZ, organizations that:

process the information received in accordance with labor legislation;
receive information in connection with the conclusion of the contract and use it exclusively within the framework of the execution of the agreements;
receive data recognized as publicly available or including only the surnames, first names and patronymics of the subjects;
request information once in order to allow the subject to enter the territory of the operator;
are religious or public and process information in confidence for legitimate purposes.

In order not to notify Roskomnadzor of data processing every time, an employer who uses information about employees solely within the framework of labor legislation can fix the corresponding condition with internal documents. Specify in the regulations and other local acts the main activities of the company and the purposes for which it collects and processes personal information about personnel.

Responsibility for violation of the rules for processing personal information

For violation of the legislation on the protection of personal information, the guilty person can be brought not only to disciplinary, but also to administrative responsibility and, in some cases, criminal liability. The measure of responsibility is chosen taking into account the type, severity and circumstances of the misconduct.

It should be remembered that illegal access to electronic information protected by law, and violation of privacy. This also includes improper storage of personal data, as well as unintentional disclosure of confidential information made without malicious intent, access to which was obtained in the performance of work duties. The injured party may, through the court, demand compensation for material and moral damage caused by the illegal actions of an official.

The amount of fines paid by employers for non-compliance with the rules for processing personal data of personnel is constantly increasing and currently amounts to tens of thousands of rubles. Therefore, if the organization does not apply or does not have a provision on the protection of personal data of employees, a sample document drawn up taking into account all the requirements of the law will obviously not be superfluous.

In order to process personal data of employees without a fine from the GIT, the employer must draw up and approve the Regulation on the processing of personal data of an employee. Such a position is binding document, which must be in the organization. Draw up the Regulation in any form and include in it all the features of the procedure for processing personal data in your company. Approve the finished document by order of the employer.

MINISTRY OF COMMUNICATIONS AND MASS COMMUNICATIONS

RUSSIAN FEDERATION

FEDERAL SERVICE FOR SUPERVISION IN THE FIELD OF COMMUNICATIONS,

ON THE APPROVAL OF THE REGULATION

INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS

In accordance with the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (Collected Legislation of the Russian Federation, 2006, N 31, Art. 3451; 2009, N 48, Art. 5716; N 52, Art. 6439 ; 2010, N 27, item 3407; N 31, item 4173, item 4196; N 49, item 6409; N 52, item 6974; 2011, N 23, item 3263; N 31, item 4701 ) and subparagraph "b" of paragraph 1 of the List of measures aimed at ensuring the fulfillment of the obligations provided for by the Federal Law "On Personal Data" and regulations adopted in accordance with it, by operators that are state or municipal bodies, approved by resolution Government of the Russian Federation dated March 21, 2012 N 211 (Collected Legislation of the Russian Federation, 2012, N 14, art. 1626), I order:

1. Approve the attached Regulations on the processing and protection of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Media.

2. Recognize invalid the order of the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications of April 13, 2011 N 246 "On approval of the Regulations on the processing of personal data in the central office of the Federal Service for Supervision in the Sphere of Communications, Information Technologies and Mass Media Communications" (registered by the Ministry of Justice of the Russian Federation on May 17, 2011, registration N 20757).

3. Send this order for state registration to the Ministry of Justice of the Russian Federation.

Supervisor

A.A. ZHAROV

Application

to the order of the Federal Service

on supervision in the field of communications,

information technologies

mass communications

POSITION

ON PROCESSING AND PROTECTION OF PERSONAL DATA IN THE CENTRAL

OFFICE OF THE FEDERAL SERVICE FOR SUPERVISION IN THE FIELD OF COMMUNICATIONS,

INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS

I. General provisions

1.1. The Regulation on the processing and protection of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Media (hereinafter referred to as the Regulation) determines the purposes, content and procedure for processing personal data, measures aimed at protecting personal data, as well as procedures, aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Communications (hereinafter referred to as Roskomnadzor).

1.2. This Regulation defines the policy of the central office of Roskomnadzor as an operator processing personal data regarding the processing and protection of personal data.

1.3. This Regulation has been developed in accordance with the Labor Code of the Russian Federation (Sobranie Zakonodatelstva Rossiyskoy Federatsii, 2002, N 1, Art. 3; N 30, Art. 3014, 3033; 2003, N 27, Art. 2700; 2004, N 18, Art. 1690; N 35, item 3607; 2005, N 1, item 27; N 19, item 1752; 2006, N 27, item 2878; N 52, item 5498; 2007, N 1, item 34; N 17, item 1930; N 30, item 3808; N 41, item 4844; N 43, item 5084; N 49, item 6070; 2008, N 9, item 812; N 30, item 3613 ; N 30, item 3616; N 52, item 6235, 6236; 2009, N 1, item 17, 21; N 19, item 2270; N 29, item 3604; N 30, item 3732, 3739 ; N 46, item 5419; N 48, item 5717; 2010, N 31, item 4196; N 52, item 7002; 2011, N 1, item 49; N 25, item 3539; N 27, 3880; N 30, items 4586, 4590, 4591, 4596; N 45, items 6333, 6335; N 48, items 6730, 6735; N 49, item 7031; 2012, N 10, item 1164 ; N 14, item 1553; N 18, item 2127; N 31, item 4325) (hereinafter referred to as the Labor Code of the Russian Federation), the Code of the Russian Federation on Administrative Offenses (Collection of Legislation of the Russian Federation editions, 2002, N 1, art. one; No. 18, Art. 1721; No. 30, Art. 3029; No. 44, Art. 4295, 4298; 2003, N 27, art. 2700, 2708, 2717; No. 46, art. 4434, 4440; No. 50, art. 4847, 4855; No. 52, art. 5037; 2004, N 19, art. 1838; No. 30, Art. 3095; N 31, art. 3229; No. 34, art. 3529, 3533; No. 44, Art. 4266; 2005, N 1, art. 9, 13, 37, 40, 45; No. 10, art. 762, 763; No. 13, art. 1077, 1079; No. 17, art. 1484; No. 19, art. 1752; No. 25, Art. 2431; No. 27, Art. 2719, 2721; No. 30, Art. 3104; No. 30, Art. 3124, 3131; No. 40, art. 3986; No. 50, art. 5247; No. 52, art. 5574, 5596; 2006, N 1, art. 4, 10; N 2, art. 172, 175; No. 6, art. 636; No. 10, art. 1067; No. 12, art. 1234; No. 17, art. 1776; No. 18, Art. 1907; No. 19, art. 2066; No. 23, Art. 2380, 2385; No. 28, art. 2975; No. 30, Art. 3287; N 31, art. 3420, 3432, 3433, 3438, 3452; No. 43, art. 4412; No. 45, Art. 4633, 4634, 4641; No. 50, art. 5279, 5281; No. 52, art. 5498; 2007, N 1, art. 21, 25, 29, 33; No. 7, Art. 840; No. 15, Art. 1743; No. 16, art. 1824, 1825; No. 17, art. 1930; No. 20, art. 2367; No. 21, art. 2456; No. 26, art. 3089; No. 30, Art. 3755; N 31, art. 4001, 4007, 4008, 4009, 4015; No. 41, Art. 4845; No. 43, art. 5084; No. 46, Art. 5553; No. 49, art. 6034, 6065; No. 50, art. 6246; 2008, N 10, art. 896; No. 18, Art. 1941; No. 20, Art. 2251, 2259; No. 29, art. 3418; No. 30, Art. 3582, 3601, 3604; No. 45, Art. 5143; No. 49, art. 5738, 5745, 5748; No. 52, art. 6227, 6235, 6236, 6248; 2009, N 1, art. 17; No. 7, art. 771, 777; No. 19, art. 2276; No. 23, Art. 2759, 2767, 2776; No. 26, art. 3120, 3122, 3131, 3132; No. 29, art. 3597, 3599, 3635, 3642; No. 30, Art. 3735, 3739; No. 45, Art. 5265, 5267; No. 48, Art. 5711, 5724, 5755; 2010, N 1, art. one; No. 11, art. 1169, 1176; No. 15, art. 1743, 1751; No. 18, Art. 2145; No. 19, art. 2291; No. 21, Art. 2524, 2525, 2526, 2530; No. 23, Art. 2790; No. 25, Art. 3070; No. 27, Art. 3416, 3429; No. 28, art. 3553; No. 30, Art. 4000, 4002, 4005, 4006, 4007; N 31, art. 4155, 4158, 4164, 4191, 4192, 4193, 4195, 4198, 4206, 4207, 4208; No. 32, Art. 4298; No. 41, Art. 5192, 5193; No. 46, Art. 5918; No. 49, art. 6409; No. 50, art. 6605; No. 52, art. 6984, 6995, 6996; 2011, N 1, art. 10, 23, 29, 33, 47, 54; No. 7, art. 901; No. 15, Art. 2039, 2041; No. 17, Art. 2310, 2312; No. 19, art. 2714, 2715; No. 23, Art. 3260, 3267; No. 27, art. 3873, 3881; No. 29, art. 4289, 4290, 4291, 4298; No. 30, Art. 4573, 4574, 4584, 4585, 4590, 4591, 4598, 4600, 4601, 4605; No. 45, Art. 6325, 6326, 6334; No. 46, art. 6406; No. 47, art. 6601, 6602; No. 48, Art. 6730, 6732; No. 49, art. 7025, 7042, 7056, 7061; No. 50, art. 7342, 7345, 7346, 7351, 7352, 7355, 7362, 7366; 2012, N 6, art. 621; No. 10, art. 1166; No. 15, Art. 1723, Art. 1724; No. 18, Art. 2126, Art. 2128; No. 19, art. 2278; No. 24, art. 3068, art. 3069, art. 3082; No. 29, art. 3996; N 31, art. 4320, Art. 4322, Art. 4330; No. 41, Art. 5523), Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2006, No. 31, Art. 3451; 2009, No. 48, Art. 5716; No. 52, Art. 6439 ; 2010, N 27, item 3407; N 31, item 4173, item 4196; N 49, item 6409; N 52, item 6974; 2011, N 23, item 3263; N 31, item 4701 ) (hereinafter referred to as the Federal Law "On Personal Data"), Federal Law of July 27, 2006 N 149-FZ "On Information, Information Technologies and Information Protection" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2006, N 31, Art. 3448 ; 2010, N 31, item 4196; 2011, N 15, item 2038; N 30, item 4600; 2012, N 31, item 4328), Federal Law of May 27, 2003 N 58-FZ "On system of the public service of the Russian Federation" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2003, No. 22, Art. 2063; No. 46, Art. 4437; 2006, No. 29, Art. 3123; 2007, No. 49, Art. 6070; 2011, No. 1 , Article 31; N 50, Article 7337) (hereinafter referred to as the Federal Law "On the Public Service System of the Russian Federation"), Federal Law dated July 27, 2004 N 79-FZ "On the State Civil Service of the Russian Federation" (Collected Legislation of the Russian Federation, 2004, N 31, art. 3215; 2006, N 6, Art. 636; 2007, N 10, art. 1151; No. 16, art. 1828; No. 49, art. 6070; 2008, N 13, Art. 1186; No. 30, Art. 3616; No. 52, art. 6235; 2009, N 29, Art. 3597, 3624; No. 48, Art. 5719; No. 51, art. 6150, 6159; 2010, N 5, Art. 459; No. 7, Art. 704; 2011, N 1, art. 31; No. 27, Art. 3866; No. 29, art. 4295; No. 48, Art. 6730; No. 50, art. 7337) (hereinafter - the Federal Law "On the State Civil Service of the Russian Federation"), Federal Law of December 25, 2008 N 273-FZ "On Combating Corruption" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2008, N 52, Art. 6228; 2011 , N 29, art. 4291; N 48, art. 6730) (hereinafter - the Federal Law "On Combating Corruption"), Federal Law of July 27, 2010 N 210-FZ "On the organization of the provision of state and municipal services" (Meeting Legislation of the Russian Federation, 2010, N 31, item 4179; 2011, N 15, item 2038; N 27, item 3880; N 29, item 4291; N 30, item 4587; N 49, item 7061; 2012, N 31, art. 4322) (hereinafter referred to as the Federal Law "On the organization of the provision of state and municipal services"), Federal Law of September 2, 2006 N 59-FZ "On the procedure for considering applications from citizens of the Russian Federation" (Collection of Legislation of the Russian Federation, 2006, N 19, article 2060; 2010, N 27, article 3410; N 31, article 4196) (hereinafter - the Federal Law "On the Procedure for consideration of applications from citizens of the Russian Federation"), Federal Law of July 7, 2003 N 126-FZ "On Communications" (Collected Legislation of the Russian Federation, 2003, N 28, art. 2895; No. 52, art. 5038; 2004, N 35, Art. 3607; No. 45, Art. 4377; 2005, N 19, Art. 1752; 2006, N 6, Art. 636; No. 10, art. 1069; N 31, art. 3431, Art. 3452; 2007, N 1, art. eight; No. 7, art. 835; 2008, N 18, art. 1941; 2009, N 29, art. 3625; 2010, N 7, art. 705; No. 15, art. 1737; No. 27, art. 3408; N 31, art. 4190; 2011, N 7, art. 901; No. 9, Art. 1205; No. 25, art. 3535; No. 27, art. 3873, art. 3880; No. 29, art. 4284, art. 4291; No. 30, Art. 4590; No. 45, Art. 6333; No. 49, art. 7061; No. 50, art. 7351, art. 7366; 2012, N 31, art. 4328), Federal Law No. 99-FZ of May 4, 2011 "On Licensing Certain Types of Activities" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2011, No. 19, Art. 2716; No. 30, Art. 4590; No. 43, Art. 5971 ; N 48, article 6728; 2012, N 26, article 3446; N 31, article 4322) (hereinafter - the Federal Law "On Licensing Certain Types of Activities"), Law of the Russian Federation of December 27, 1991 N 2124- 1 "About funds mass media" (Russian newspaper , 1992, February 8, N 32; Collection of Legislation of the Russian Federation, 1995, N 3, Art. 169; No. 24, art. 2256; No. 30, Art. 2870; 1996, N 1, art. four; 1998, N 10, Art. 1143; 2000, No. 26, Art. 2737; No. 32, Art. 3333; 2001, N 32, Art. 3315; 2002, N 12, art. 1093; No. 30, Art. 3029, Art. 3033; 2003, N 27, art. 2708; No. 50, art. 4855; 2004, N 27, art. 2711; No. 35, art. 3607; No. 45, Art. 4377; 2005, N 30, art. 3104; N 31, art. 3452; 2006, N 43, art. 4412; 2007, N 31, art. 4008; 2008, N 52, art. 6236; 2009, N 7, Art. 778; 2011, N 25, art. 3535; No. 29, art. 4291; 2012, N 31, art. 4322) (hereinafter referred to as the Law of the Russian Federation "On the Mass Media"), Decree of the President of the Russian Federation dated February 1, 2005 N 112 "On Approval of the Regulations on the Competition for Filling a Vacant Position in the State Civil Service of the Russian Federation" (Collected Legislation of the Russian Federation, 2005, N 6, item 439; 2011, N 4, item 578), Decree of the President of the Russian Federation of May 30, 2005 N 609 "On approval of the Regulations on the personal data of a state civil servant of the Russian Federation and the conduct of his personal file" ( Collection of Legislation of the Russian Federation, 2005, N 23, article 2242; 2008, N 43, article 4921), Decree of the Government of the Russian Federation of March 16, 2009 N 228 "On the Federal Service for Supervision of Communications, Information Technology and Mass Media communications" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2009, N 12, item 1431; 2010, N 13, item 1502; N 26, item 3350; 2011, N 3, item 542; N 6, item 888; N 14, item 1935; N 21, item 2 965; No. 40, art. 5548; No. 44, Art. 6272; 2012, No. 20, Art. 2540; No. 39, art. 5270), Decree of the Government of the Russian Federation of November 1, 2012 N 1119 "On approval of requirements for the protection of personal data when they are processed in personal data information systems" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2012, N 45, Art. 6257), Government Decree of the Russian Federation dated July 6, 2008 N 512 "On approval of requirements for material carriers of biometric personal data and technologies for storing such data outside personal data information systems" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2008, N 28, art. 3384), by a decree of the Government of the Russian Federation dated September 15, 2008 N 687 "On approval of the Regulations on the specifics of the processing of personal data carried out without the use of automation tools" (Collected Legislation of the Russian Federation, 2008, N 38, art. 4320), Decree of the Government of the Russian Federation of March 21, 2012 N 211 "On approval of the list of measures aimed at ensuring the fulfillment of the obligations stipulated by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, operators that are state or municipal bodies" (Collection of Legislation of the Russian Federation, 2012, N 14, art. 1626), Decree of the Government of the Russian Federation of September 10, 2009 N 723 "On the procedure for commissioning completed state information systems" (Collection of Legislation of the Russian Federation, 2009, N 37, item 4416; 2012, N 27, item 3753), Decree of the Government of the Russian Federation of January 27, 2009 N 63 "On the provision of federal state civil servants with a one-time subsidy for the purchase of residential premises" (Collected Legislation of the Russian Federation, 2009 , N 6, item 739; N 51, item 6328; 2010, N 9, item 963; N 52, p. t. 7104) (hereinafter - the Decree of the Government of the Russian Federation "On the provision of federal state civil servants with a one-time subsidy for the acquisition of residential premises"), by order of the Government of the Russian Federation dated May 26, 2005 N 667-r on approval of the form of the questionnaire to be submitted to government agency a citizen of the Russian Federation who has expressed a desire to participate in the competition for filling a vacant position in the state civil service of the Russian Federation (Collected Legislation of the Russian Federation, 2005, N 22, Art. 2192; 2007, N 43, Art. 5264), by order of the Government of the Russian Federation of October 6 2011 N 1752-r on approval of the list of documents attached by the applicant to the application for registration (re-registration) of the mass media (Collected Legislation of the Russian Federation, 2011, N 41, art. 5789), by order of the FSTEC of Russia, the FSB of Russia, the Ministry of Information and Communications of Russia dated February 13, 2008 N 55/86/20 "On Approval of the Procedure for Classifying Personal Data Information Systems" (registered by the Ministry of Justice of the Russian Federation on April 3, 2008, registration N 11462).

1.4. The processing of personal data in the central office of Roskomnadzor is carried out in compliance with the principles and conditions provided for by this Regulation and the legislation of the Russian Federation in the field of personal data.

II. Conditions and procedure for processing personal data

state civil servants of Roskomnadzor

2.1. Personal data of state civil servants of the central office of Roskomnadzor, heads and deputy heads territorial bodies Roskomnadzor (hereinafter referred to as civil servants of Roskomnadzor), citizens applying for positions in the civil service of the central office of Roskomnadzor and heads and deputy heads of territorial bodies of Roskomnadzor (hereinafter referred to as citizens applying for positions in the civil service of Roskomnadzor), persons replacing positions of heads subordinate to Roskomnadzor federal state unitary enterprises, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, are processed in order to ensure personnel work, including for the purpose of assisting civil servants of Roskomnadzor in the performance of public service (persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, in order to facilitate the performance of work), the formation personnel reserve state civil service, training and promotion, taking into account the results of the performance of official duties by civil servants of Roskomnadzor, ensuring the personal safety of civil servants of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, and members of their families, providing civil servants of Roskomnadzor established by the legislation of the Russian Federation working conditions, guarantees and compensations, the safety of their property, as well as in order to combat corruption.

2.2. For the purposes specified in paragraph 2.1 of this Regulation, the following categories of personal data of Roskomnadzor civil servants, persons holding positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, as well as citizens applying for positions of managers federal state unitary enterprises subordinate to Roskomnadzor:

2.2.1. surname, name, patronymic (including previous surnames, first names and (or) patronymics, in case of their change);

2.2.2. date, month, year of birth;

2.2.3. Place of Birth;

2.2.4. information about citizenship (including previous citizenships, other citizenships);

2.2.5. type, series, number of the identity document, name of the authority that issued it, date of issue;

2.2.6. address of residence (address of registration, actual residence);

2.2.7. contact phone number or information about other methods of communication;

2.2.8. details of the insurance certificate of state pension insurance;

2.2.9. taxpayer identification number;

2.2.10. details of the compulsory medical insurance policy;

2.2.11. details of the certificate of state registration of acts of civil status;

2.2.12. marital status, family composition and information about close relatives (including former ones);

2.2.13. information about labor activity;

2.2.14. information about military registration and details of military registration documents;

2.2.15. information about education, including postgraduate vocational education(name and year of graduation educational institution, name and details of the document on education, qualification, specialty according to the document on education);

2.2.16. information about the academic degree;

2.2.17. ownership information foreign languages, degree of ownership;

2.2.18. a medical report in the prescribed form on the absence of a disease in a citizen that prevents entry into the state civil service or its passage;

2.2.19. photo;

2.2.20. information on the passage of the state civil service, including: date, grounds for entering the state civil service and appointment to the position of the state civil service, date, grounds for appointment, transfer, relocation to another position of the state civil service, the name of the substituted positions of the state civil service, indicating structural subdivisions, the amount of the salary, the results of certification for compliance with the position being replaced by the state civil service, as well as information about the previous place of work;

2.2.21. information contained in the service contract, additional agreements to the service contract;

2.2.22. information about your stay abroad;

2.2.23. information about the class rank of the state civil service of the Russian Federation (including diplomatic rank, military or special rank, class rank of law enforcement service, class rank of the civil service of a constituent entity of the Russian Federation), qualifying category state civil service (qualification level or class rank of municipal service);

2.2.24. information about the presence or absence of a criminal record;

2.2.25. information about issued permits to state secrets;

2.2.26. state awards, other awards and distinctions;

2.2.27. information about professional retraining and (or) advanced training;

2.2.28. information about annual paid holidays, study holidays and vacations without pay;

2.2.29. information about income, property and liabilities of a property nature;

2.2.30. current account number;

2.2.31. Bankcard number;

2.2.32. other personal data necessary to achieve the goals provided for in clause 2.1 of this Regulation.

2.3. The processing of personal data and biometric personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out without the consent of these persons within the framework of the purposes determined by clause 2.1 of this Regulation, in accordance with clause 2 of part 1 of article 6 and part 2 of article 11 of the Federal Law "On Personal Data" and the provisions of the Federal Law "On the Public Service System of the Russian Federation", the Federal Law "On the State Civil Service of the Russian Federation", the Federal Law "On Combating Corruption", the Labor Code of the Russian Federation.

2.4. Processing of special categories of personal data of state employees of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out without consent of these persons within the framework of the purposes specified in paragraph 2.1 of this Regulation, in accordance with subparagraph 2.3 of paragraph 2 of part 2 of Article 10 of the Federal Law "On Personal Data" and the provisions of the Labor Code of the Russian Federation, except for cases when personal data of an employee is obtained from a third party (in accordance with paragraph 3 of Article 86 of the Labor Code of the Russian Federation requires the written consent of the heads of federal state unitary enterprises subordinate to Roskomnadzor and civil en, applying for the specified position).

2.5. The processing of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is subject to obtaining consent specified persons in the following cases:

2.5.1. when transferring (distributing, providing) personal data to third parties in cases not provided for by the current legislation of the Russian Federation on the civil service;

2.5.2. in case of cross-border transfer of personal data;

2.5.3. when making decisions that give rise to legal consequences in relation to these persons or otherwise affect their rights and legitimate interests, based solely on the automated processing of their personal data.

2.6. In the cases provided for in paragraph 2.5 of this Regulation, the consent of the subject of personal data is made in writing, unless otherwise provided by the Federal Law "On Personal Data".

2.7. The processing of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out by the Civil Service Department and Personnel Office organizational work Roskomnadzor (hereinafter - the personnel division of Roskomnadzor) and includes the following actions: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion , destruction of personal data.

2.8. Collection, recording, systematization, accumulation and clarification (update, change) of personal data of civil servants of Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out by:

2.8.1. receipt of originals required documents(application, work book, autobiography, other documents submitted to the personnel division of Roskomnadzor);

2.8.2. copying original documents;

2.8.3. entering information into accounting forms(on paper and electronic media);

2.8.4. formation of personal data in the course of personnel work;

2.8.5. entering personal data into the information systems of Roskomnadzor used by the personnel division of Roskomnadzor.

2.9. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data is carried out by obtaining personal data directly from civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, and as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor.

2.10. If it becomes necessary to obtain personal data of a civil servant of Roskomnadzor and persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor from a third party, the civil servant or the person filling the position of the head of a federal state unitary enterprise subordinate to Roskomnadzor should be notified in advance, receive their written consent and inform them about the purposes, intended sources and methods of obtaining personal data.

2.11. It is forbidden to receive, process and attach to the personal file of a civil servant of Roskomnadzor and a person replacing the position of the head of a federal state unitary enterprise subordinate to Roskomnadzor personal data that is not provided for in clause 2.2 of this Regulation, including those relating to race, nationality, political views, religious or philosophical beliefs , intimate life.

2.12. When collecting personal data, an employee of the personnel division of Roskomnadzor who collects (receives) personal data directly from civil servants of Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for filling the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor is obliged to explain to the specified subjects of personal data the legal consequences of the refusal to provide their personal data.

2.13. Transfer (distribution, provision) and use of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor enterprises, is carried out only in cases and in the manner prescribed by federal laws.

III. Conditions and procedure for processing personal

data of civil servants of the central office

and territorial bodies of Roskomnadzor and persons consisting

with them in relationship (property), in connection with the consideration

issue of a one-time grant

for the purchase of housing

3.1. The central office of Roskomnadzor processes the personal data of civil servants of the central office and territorial bodies of Roskomnadzor and persons related to them (property), in connection with the consideration of the issue of providing a one-time subsidy for the purchase of residential premises.

3.2. The list of personal data subject to processing in connection with the provision of a one-time subsidy for the purchase of residential premises is determined by the Decree of the Government of the Russian Federation "On the provision of federal state civil servants with a one-time subsidy for the acquisition of residential premises", and includes:

3.2.1. surname, name, patronymic;

3.2.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

3.2.3. address of place of residence (address of permanent registration, address of temporary registration, address of actual place of residence);

3.2.4. information about the composition of the family;

3.2.5. personal data contained in an extract from the house book, copies of the financial personal account, marriage certificates, birth certificates of the child (children), work book, documents confirming the ownership of a civil servant and (or) members of his family of residential premises, except for the residential premises in which they are registered (with the provision, if necessary, of their originals), a document confirming the right to an additional area of \u200b\u200bthe residential premises;

3.2.6. other personal data provided for by the legislation of the Russian Federation.

3.3. Processing of personal data of civil servants of Roskomnadzor when registering for obtaining lump sum payment is carried out on the basis of an application of a civil servant submitted to the head of Roskomnadzor to the Roskomnadzor Commission for Considering Registration of Federal State Civil Servants in order to receive a one-time subsidy for the purchase of residential premises (hereinafter referred to as the Roskomnadzor Commission).

3.4. The processing of personal data of state employees of Roskomnadzor in connection with the provision of a one-time subsidy for the purchase of residential premises, in particular, the collection, recording, systematization, accumulation and clarification (updating, changing) of personal data, is carried out by officials of the central office of Roskomnadzor, who are part of the Roskomnadzor Commission, by :

3.4.1. obtaining the originals of the required documents;

3.4.2. providing duly certified copies of documents.

3.5. The Roskomnadzor Commission has the right to check the information contained in the documents submitted by civil servants of Roskomnadzor on the existence of the conditions necessary for registering a civil servant in order to receive a one-time subsidy for housing.

3.6. The transfer (distribution, provision) and use of personal data of civil servants of Roskomnadzor received in connection with the provision of a one-time subsidy for the purchase of residential premises is carried out only in cases and in the manner prescribed by the legislation of the Russian Federation.

IV. Conditions and procedure for processing personal data

entities in connection with the provision of public services

and performance of state functions

4.1. In the central office of Roskomnadzor, the processing of personal data of individuals is carried out in order to provide the following public services and perform public functions:

4.1.1. organizing the reception of citizens, ensuring timely and full consideration of oral and written applications from citizens on issues within the competence of Roskomnadzor;

4.1.2. registration of mass media;

4.1.3. licensing activities for the production of copies of audiovisual works, programs for electronic computers, databases and phonograms on any type of media;

4.1.4. assignment (assignment) of radio frequencies or a radio frequency channel for radio electronic means;

4.1.5. licensing activities in the field of communications;

4.1.6. formation and maintenance of the register of federal state information systems (hereinafter referred to as the FSIS register);

4.1.7. implementation of activities to protect the rights of subjects of personal data.

4.2. Personal data of citizens who applied to the central office of Roskomnadzor in person, as well as those who sent individual or collective written applications or applications in the form electronic document, are processed for the purpose of considering these appeals, followed by notification of the applicants about the results of the consideration.

In accordance with the legislation of the Russian Federation, the appeals of citizens of the Russian Federation, foreign citizens and stateless persons are subject to consideration in the central office of Roskomnadzor.

4.3. As part of the consideration of citizens' appeals, the following personal data of applicants are subject to processing:

4.3.1. surname, name, patronymic (the last one, if available);

4.3.2. mailing address;

4.3.3. E-mail address;

4.3.4. the contact phone number indicated in the application;

4.3.5. other personal data indicated by the applicant in the appeal (complaint), as well as became known during a personal reception or in the course of consideration of the received appeal.

4.4. When registering mass media, the following personal data of applicants are processed:

4.4.1. surname, name, patronymic (the last one, if available);

4.4.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

4.4.3. address of place of residence (address of permanent registration, address of temporary registration, address of actual place of residence);

4.4.4. contact phone number or information about other methods of communication.

4.5. When licensing activities for the production of copies of audiovisual works, programs for electronic computers, databases and phonograms on any type of media, the processing of the following personal data of applicants is carried out:

4.5.1. surname, name, patronymic (the last one, if available);

4.5.2. type, series, number of the identity document;

4.5.3. residence address;

4.5.4. contact phone number and, if available, email address.

4.6. When assigning (assigning) radio frequencies or a radio frequency channel for radio electronic means:

4.6.1. surname, name, patronymic (the last one, if available);

4.6.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

4.6.3. residence address;

4.6.4. contact number;

4.6.5. taxpayer identification number.

4.7. As part of the licensing activities in the field of communications, the following personal data of applicants may be processed:

4.7.1. surname, name, patronymic (the last one, if available);

4.7.2. type, series, number of the identity document;

4.7.3. residence address;

4.7.4. contact phone number and, if available, email address.

4.8. As part of the formation of the FSIS register, the following personal data of applicants are processed:

4.8.1. surname, name, patronymic (the last one, if available);

4.8.2. the name of the position held;

4.8.3. contact phone number, email address.

4.9. As part of the activities to protect the rights of subjects of personal data, the processing of the following personal data of applicants is carried out:

4.9.1. surname, name, patronymic (the last one, if available);

4.9.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

4.9.3. postal address of the place of residence;

4.9.4. E-mail address;

4.9.5. phone number;

4.9.6. taxpayer identification number;

4.9.7. information about work activity and details of the work book;

4.9.8. information about education, including postgraduate professional education (name and year of graduation from the educational institution, name and details of the document on education, qualification, specialty according to the document on education).

4.10. The processing of personal data required in connection with the provision of public services and the performance of public functions specified in paragraph 4.1 of this Regulation is carried out without the consent of the subjects of personal data in accordance with paragraph 4 of part 1 of Article 6 of the Federal Law "On Personal Data", the Federal Laws "On organization of the provision of state and municipal services", "On the procedure for considering applications of citizens of the Russian Federation", "On licensing certain types of activities", the Law of the Russian Federation "On the mass media" and other regulatory legal acts that determine the provision of public services and the performance of state functions in the established sphere of competence of Roskomnadzor.

4.11. The processing of personal data necessary in connection with the provision of public services and the performance of public functions specified in paragraph 4.1 of this Regulation is carried out by structural units of the central office of Roskomnadzor that provide relevant public services and (or) perform public functions, and includes the following actions: collection , recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

4.12. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data of subjects who applied to the central office of Roskomnadzor to receive public service or for the purpose of performing a public function, is carried out by:

4.12.1. obtaining the originals of the required documents (application);

4.12.2. certification of copies of documents;

4.12.3. entering information into accounting forms (on paper and electronic media);

4.12.4. entering personal data into the application software subsystems of the Unified Information System of Roskomnadzor.

4.13. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data is carried out by obtaining personal data directly from personal data subjects (applicants).

4.14. When providing a public service or performing a public function, the central office of Roskomnadzor is prohibited from requesting personal data from subjects and third parties, as well as processing personal data in cases not provided for by the legislation of the Russian Federation.

4.15. When collecting personal data, the authorized executive a structural subdivision of the central office of Roskomnadzor that receives personal data directly from personal data subjects who have applied for the provision of a public service or in connection with the performance of a public function, is obliged to explain to the said personal data subjects the legal consequences of refusing to provide personal data.

4.16. Transfer (distribution, provision) and use of personal data of applicants (subjects of personal data) by the central office of Roskomnadzor is carried out only in cases and in the manner prescribed by federal laws.

V. The procedure for processing personal data of subjects

personal data in information systems

5.1. The processing of personal data in the central office of Roskomnadzor is carried out:

5.1.1. In the "Information system of personal data of Roskomnadzor";

5.1.2. At the automated workplaces certified for the processing of personal data that are part of the "Unified Information System of Roskomnadzor";

5.1.3. In the information system "1C: Enterprise 8";

5.1.4. At automated workplaces of employees of the personnel division of Roskomnadzor.

5.2. The Roskomnadzor Personal Data Information System (hereinafter referred to as Roskomnadzor ISPD) contains personal data of Roskomnadzor civil servants, subjects (applicants) who applied to Roskomnadzor in order to receive public services or in connection with the performance of public functions, and includes:

5.2.1. personal identifier;

5.2.2. surname, name, patronymic of the subject of personal data;

5.2.3. type of document proving the identity of the subject of personal data;

5.2.4. the series and number of the document proving the identity of the subject of personal data, information on the date of issue of the said document and the authority that issued it;

5.2.5. address of the place of residence of the subject of personal data;

5.2.6. postal address of the subject of personal data;

5.2.7. contact phone, fax (if available) of the subject of personal data;

5.2.8. e-mail address of the subject of personal data;

5.2.9. TIN of the subject of personal data.

5.3. Certified in accordance with the legislation of the Russian Federation for the processing of personal data, automated workstations that are part of the "Roskomnadzor Unified Information System" (hereinafter referred to as the ARM UIS of Roskomnadzor) include personal data of subjects received by employees of the central office of Roskomnadzor as part of the provision of public services and the execution of public features and include:

5.3.1. personal identifier;

5.3.2. address of the place of residence of the subject of personal data;

5.3.3. postal address of the subject of personal data;

5.3.4. phone number of the subject of personal data;

5.3.5. fax of the subject of personal data;

5.3.6. e-mail address of the subject of personal data.

5.4. The information system "1C: Enterprise 8" and the application software subsystems "AKSIOK" and "1C Accounting" contain personal data of civil servants of the central office of Roskomnadzor and individuals who are a party civil law contracts concluded by the central office of Roskomnadzor, and includes:

5.4.1. surname, name, patronymic of the subject of personal data;

5.4.2. date of birth of the subject of personal data;

5.4.3. place of birth of the subject of personal data;

5.4.4. the series and number of the main document proving the identity of the subject of personal data, information about the date of issue of the said document and the authority that issued it;

5.4.5. address of the place of residence of the subject of personal data;

5.4.6. postal address of the subject of personal data;

5.4.7. phone number of the subject of personal data;

5.4.8. TIN of the subject of personal data;

5.4.9. personnel number of the subject of personal data;

5.4.10. position of the subject of personal data;

5.4.11. order number and date of employment (dismissal) of the subject of personal data.

5.5. Automated workplaces of employees of the personnel division of Roskomnadzor involve the processing of personal data of civil servants of Roskomnadzor, provided for in clause 2.2 of this Regulation.

5.6. Classification of personal data information systems specified in clause 5.1 of this Regulation is carried out in the manner established by the legislation of the Russian Federation.

5.7. Civil servants of structural divisions of the central office of Roskomnadzor, who have the right to process personal data in the information systems of the central office of Roskomnadzor, are provided with a unique login and password to access the relevant information system of Roskomnadzor. Access is provided to application software subsystems in accordance with the functions provided for by the job regulations of civil servants of Roskomnadzor.

Information can be entered both automatically, upon receipt of personal data from the Unified Portal of Public Services or the official website of Roskomnadzor, and in manual mode, upon receipt of information on paper or in another form that does not allow its automatic registration.

5.8. Ensuring the security of personal data processed in the information systems of personal data of the central office of Roskomnadzor is achieved by eliminating unauthorized, including accidental, access to personal data, as well as by taking the following security measures:

5.8.1. identification of threats to the security of personal data during their processing in information systems of personal data of the central office of Roskomnadzor;

5.8.2. application of organizational and technical measures to ensure the security of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor, necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;

5.8.3. application of procedures for assessing the conformity of information security tools that have passed in the prescribed manner;

5.8.4. assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

5.8.5. accounting of machine carriers of personal data;

5.8.6. detection of facts of unauthorized access to personal data and taking measures;

5.8.7. recovery of personal data, modified or deleted, destroyed due to unauthorized access to them;

5.8.8. establishing rules for access to personal data processed in the information systems of personal data of the central office of Roskomnadzor, as well as ensuring the registration and accounting of all actions performed with personal data in the information systems of personal data of the central office of Roskomnadzor;

5.8.9. control over the measures taken to ensure the security of personal data and the levels of security of personal data information systems.

5.9. Structural division of Roskomnadzor responsible for providing information security in the central office of Roskomnadzor, organizes and controls the accounting of material carriers of personal data.

5.10. The structural subdivision of the central office of Roskomnadzor, responsible for ensuring the security of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor, must ensure:

5.10.1. timely detection of facts of unauthorized access to personal data and immediate communication of this information to the person responsible for organizing the processing of personal data in the central office of Roskomnadzor and the head of Roskomnadzor;

5.10.2. avoiding impact on technical means automated processing of personal data, as a result of which their functioning may be disrupted;

5.10.3. the possibility of recovering personal data modified or destroyed due to unauthorized access to them;

5.10.4. constant monitoring of ensuring the level of protection of personal data;

5.10.5. knowledge of and compliance with the conditions for the use of information security tools provided for by operational and technical documentation;

5.10.6. taking into account the means of information protection, operational and technical documentation to them, carriers of personal data;

5.10.7. upon detection of violations of the procedure for providing personal data, immediately suspend the provision of personal data to users of the personal data information system until the causes of violations are identified and these causes are eliminated;

5.10.8. investigation and drawing up conclusions on the facts of non-compliance with the conditions of storage of material carriers of personal data, the use of information security tools that may lead to a violation of the confidentiality of personal data or other violations leading to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations .

5.11. The structural subdivision of the central office of Roskomnadzor, responsible for ensuring the functioning of personal data information systems in the central office of Roskomnadzor, accepts all necessary measures on the restoration of personal data, modified or deleted, destroyed due to unauthorized access to them.

5.12. The exchange of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor is carried out through communication channels, the protection of which is ensured by implementing the appropriate organizational measures and through the use of software and hardware.

5.13. Access of civil servants of Roskomnadzor to personal data located in the information systems of personal data of the central office of Roskomnadzor provides for the mandatory passage of the identification and authentication procedure.

5.14. In case of violations of the procedure for processing personal data in the information systems of personal data of the central office of Roskomnadzor, authorized officials immediately take measures to establish the causes of violations and eliminate them.

VI. Processing of personal data within the framework

interdepartmental information interaction

using unified system interdepartmental

electronic interaction

6.1. Roskomnadzor, in accordance with the legislation of the Russian Federation, processes personal data within the framework of interdepartmental electronic information exchange in in electronic format with federal government bodies using a unified system of interdepartmental electronic interaction (hereinafter - SMEV).

6.2. Roskomnadzor, within the framework of SMEV, on the basis of interdepartmental requests received, sends information, including personal data of subjects processed in the central office of Roskomnadzor, to the following federal executive authorities:

6.2.1. in federal agency communications - last name, first name, patronymic, taxpayer identification number of the holder of a license to carry out activities for the provision of communications services;

6.2.2. to the Ministry of Internal Affairs of the Russian Federation - the surname, name, patronymic, taxpayer identification number of the owner of the permit for the use of radio frequencies;

6.2.3. to the Federal Agency for Press and Mass Communications, the Federal customs service- surname, name, patronymic of the founder of the mass media.

6.3. Roskomnadzor, within the framework of SMEV, has the right to send interdepartmental requests for information, including personal data of subjects, to the following federal executive authorities:

6.3.1. to the Federal Tax Service - on the provision of information from the Unified State Register of Legal Entities and the Unified State Register of Individual Entrepreneurs (information about the founders - individuals);

6.3.2. in Federal Service state registration, cadastre and cartography - on the provision of information from the Unified State Register of Rights to real estate in relation to right holders (last name, first name, patronymic, date of birth, series and number of the main identity document, place of birth, residential address, citizenship);

6.3.3. to the Ministry of the Russian Federation for Affairs civil defense, emergency situations and liquidation of consequences of natural disasters - on providing the surname, name, patronymic of the shipowner.

6.4. The processing of personal data is also carried out by Roskomnadzor in the implementation of electronic interaction with federal state unitary enterprises of the radio frequency service subordinate to Roskomnadzor within the framework of the powers provided for by the legislation of the Russian Federation.

VII. Terms of processing and storage of personal data

7.1. The terms for processing and storing personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, are determined in in accordance with the legislation of the Russian Federation. Taking into account the provisions of the legislation of the Russian Federation, the following terms for processing and storing personal data of civil servants are established:

7.1.1. Personal data contained in orders for the personnel of Roskomnadzor civil servants (on admission, on transfer, on dismissal, on the establishment of allowances) are subject to storage in the personnel division of Roskomnadzor for two years, with the subsequent formation and transfer of these documents to the archive of the central office of Roskomnadzor or state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.

7.1.2. Personal data contained in the personal files of civil servants of Roskomnadzor (copies of personal files of heads of territorial bodies of Roskomnadzor) and heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as personal cards of civil servants of Roskomnadzor, are stored in the personnel division of Roskomnadzor for ten years, with subsequent formation and transfer of the specified documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.

7.1.3. Personal data contained in orders for incentives, financial assistance civil servants of Roskomnadzor are subject to storage for two years in the personnel division of Roskomnadzor with the subsequent formation and transfer of these documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.

7.1.4. Personal data contained in orders for granting vacations, short-term domestic and foreign business trips, and disciplinary sanctions against civil servants of Roskomnadzor shall be stored in the personnel department of Roskomnadzor for five years with subsequent destruction.

7.1.5. Personal data contained in the documents of applicants for filling a vacant civil service position in the central office of Roskomnadzor who were not allowed to participate in the competition, and candidates who participated in the competition, are stored in the personnel department of Roskomnadzor for 3 years from the date of completion of the competition, after which they are subject to destruction .

7.2. The terms for processing and storing personal data provided by personal data subjects to the central office of Roskomnadzor in connection with the receipt of public services and the performance of public functions specified in clause 4.1 of this Regulation are determined by regulatory legal acts regulating the procedure for their collection and processing.

7.3. Personal data of citizens who applied to the central office of Roskomnadzor in person, as well as those who sent individual or collective written applications or applications in the form of an electronic document, are stored for five years.

7.4. Personal data provided by subjects on paper in connection with the provision of public services by the central office of Roskomnadzor and the performance of public functions are stored on paper in the structural divisions of the central office of Roskomnadzor, whose powers include the processing of personal data in connection with the provision of a public service or the performance of a public function , in accordance with the approved regulations on the relevant structural divisions of the central office of Roskomnadzor.

7.5. Personal data during their processing carried out without the use of automation tools should be separated from other information, in particular by fixing them on different material carriers of personal data, in special sections or on the fields of forms (forms).

7.6. It is necessary to ensure separate storage of personal data on different material media, the processing of which is carried out for various purposes defined by this Regulation.

7.7. Control over the storage and use of physical media of personal data, which does not allow unauthorized use, clarification, distribution and destruction of personal data located on these media, is carried out by the heads of structural divisions of the central office of Roskomnadzor.

7.8. The period of storage of personal data entered into the personal data information systems of Roskomnadzor specified in clause 5.1 of this Regulation must correspond to the period of storage of paper originals.

VIII. The procedure for the destruction of personal data

when the purposes of processing are achieved or when

other legal grounds

8.1. The structural subdivision of the central office of Roskomnadzor, responsible for document management and archiving, systematically controls and allocates documents containing personal data, with expired storage to be destroyed.

8.2. The issue of the destruction of selected documents containing personal data is considered at a meeting of the Central Expert Commission of Roskomnadzor (hereinafter referred to as the CEC of Roskomnadzor), the composition of which is approved by order of Roskomnadzor.

Based on the results of the meeting, a protocol and an Act on the allocation of documents for destruction, an inventory of the destroyed files are drawn up, their completeness is checked, the act is signed by the chairman and members of the CEC of Roskomnadzor and approved by the head of Roskomnadzor.

8.3. The central office of Roskomnadzor, in accordance with the procedure established by the legislation of the Russian Federation, determines a contracting organization that has the necessary production base to ensure the established procedure for the destruction of documents. An official of the central office of Roskomnadzor responsible for archival activities accompanies documents containing personal data to the contractor's production base and is present during the procedure for destroying documents (burning or chemical destruction).

8.4. Upon completion of the destruction procedure, the contractor and the official of the central office of Roskomnadzor responsible for archival activities draw up an appropriate Act on the destruction of documents containing personal data.

8.5. Destruction at the end of the period for processing personal data on electronic media is carried out by mechanically violating the integrity of the media, which does not allow reading or restoring personal data, or by deleting from electronic media by methods and means of guaranteed removal of residual information.

IX. Consideration of requests from personal data subjects

or their representatives

9.1. Civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor and who have submitted documents for participation in the competition, persons filling positions of heads of directors of federal state unitary enterprises subordinate to Roskomnadzor, citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, civil servants of the central office and territorial bodies of Roskomnadzor and persons related to them (property) who applied for a one-time subsidy for the purchase of housing, as well as citizens whose personal data is processed in the central office of Roskomnadzor in connection with the provision of public services and the implementation public functions, have the right to receive information regarding the processing of their personal data, including information containing:

9.1.1. confirmation of the fact of personal data processing in the central office of Roskomnadzor;

9.1.2. legal grounds and purposes of personal data processing;

9.1.3. methods of processing personal data used in the central office of Roskomnadzor;

9.1.4. the name and location of the central office of Roskomnadzor, information about persons (with the exception of civil servants of the central office of Roskomnadzor) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the central office of Roskomnadzor or on the basis of federal law;

9.1.5. processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the submission of such data is provided by federal law;

9.1.6. terms of personal data processing, including the terms of their storage in the central office of Roskomnadzor;

9.1.7. the procedure for the exercise by the subject of personal data of the rights provided for by the legislation of the Russian Federation in the field of personal data;

9.1.8. information about the completed or proposed cross-border data transfer;

9.1.9. the name of the organization or the surname, name, patronymic and address of the person processing personal data on behalf of the central office of Roskomnadzor, if the processing is or will be entrusted to such an organization or person;

9.1.10. other information provided for by the legislation of the Russian Federation in the field of personal data.

9.2. The persons specified in paragraph 9.1 of this Regulation (hereinafter referred to as personal data subjects) have the right to demand from the central office of Roskomnadzor the clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.

9.3. The information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of these Regulations must be provided to the subject of personal data by the operator in an accessible form, and they should not contain personal data related to other subjects of personal data, unless there are legitimate grounds for disclosing such personal data.

9.4. The information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of this Regulation is provided to the subject of personal data or his representative by an authorized official of the structural unit of the central office of Roskomnadzor that processes the relevant personal data when applying or upon receipt of a request from the subject of personal data or his representative . The request must contain:

9.4.1. number of the main document proving the identity of the subject of personal data or his representative, information on the date of issue of the said document and the authority that issued it;

9.4.2. information confirming the participation of the subject of personal data in legal relations with the central office of Roskomnadzor by the operator (a document confirming the acceptance of documents for participation in the competition for filling vacancies in the civil service, the provision of public services by the central office of Roskomnadzor or the exercise of a state function), or information otherwise confirming the fact of processing personal data in the central office of Roskomnadzor, the signature of the personal data subject or his representative. The request can be sent in the form of an electronic document and signed electronic signature in accordance with the legislation of the Russian Federation.

9.5. If the information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of these Regulations, as well as the personal data being processed, was provided for review to the subject of personal data at his request, the subject of personal data has the right to apply again to the central office of Roskomnadzor or send a second request for the purpose of obtaining the specified information and familiarization with such personal data no earlier than thirty days after the initial request or the initial request, unless a shorter period is established by federal law adopted in accordance with it; legal act or an agreement to which the subject of personal data is a party or beneficiary or guarantor.

9.6. The subject of personal data has the right to apply again to the central office of Roskomnadzor or send a second request in order to obtain the information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of this Regulation, as well as in order to familiarize themselves with the processed personal data before the expiration of the period specified in paragraph 9.5 of this Regulation, if such information and (or) processed personal data were not provided to him for review in full based on the results of consideration of the initial application. A repeated request, along with the information specified in paragraph 9.4 of these Regulations, must contain a rationale for sending re-request.

9.7. The central office of Roskomnadzor (an authorized official of the central office of Roskomnadzor) has the right to refuse the subject of personal data to fulfill a repeated request that does not meet the conditions provided for in paragraphs 9.5 and 9.6 of these Regulations. Such refusal must be motivated.

9.8. The right of the subject of personal data to access his personal data may be limited in accordance with federal laws, including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.

X. Person responsible for organizing the processing

personal data in the central office of Roskomnadzor

10.1. The person responsible for organizing the processing of personal data in the central office of Roskomnadzor (hereinafter referred to as the Person Responsible for the processing of personal data in Roskomnadzor) is appointed by the head of Roskomnadzor from among civil servants belonging to the highest and (or) main group of positions of the category "heads" of the central office of Roskomnadzor in accordance with the distribution responsibilities.

10.2. The person responsible for the processing of personal data of Roskomnadzor in his work is guided by the legislation of the Russian Federation in the field of personal data and this Regulation.

10.3. The person responsible for the processing of personal data of Roskomnadzor is obliged to:

10.3.1. organize the adoption of legal, organizational and technical measures to ensure the protection of personal data processed in the central office of Roskomnadzor from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;

10.3.2. realize internal control for the observance by civil servants of the central office of Roskomnadzor of the requirements of the legislation of the Russian Federation in the field of personal data, including the requirements for the protection of personal data;

10.3.3. bring to the attention of civil servants of the central office of Roskomnadzor the provisions of the legislation of the Russian Federation in the field of personal data, local acts on the processing of personal data, requirements for the protection of personal data;

10.3.4. organize the reception and processing of applications and requests from personal data subjects or their representatives, as well as to monitor the receipt and processing of such applications and requests in the central office of Roskomnadzor;

10.3.5. in the event of a violation in the central office of Roskomnadzor of the requirements for the protection of personal data, take the necessary measures to restore the violated rights of personal data subjects.

10.4. The person responsible for the processing of personal data has the right to:

10.4.1. have access to information regarding the processing of personal data in the central office of Roskomnadzor and including:

10.4.1.1. the purposes of processing personal data;

10.4.1.4. legal grounds for the processing of personal data;

10.4.1.5. a list of actions with personal data, a general description of the methods of processing personal data used in the central office of Roskomnadzor;

10.4.1.6. a description of the measures provided for by Articles 18.1 and 19 of the Federal Law "On Personal Data", including information on the availability of encryption (cryptographic) means and the names of these means;

10.4.1.7. date of commencement of personal data processing;

10.4.1.8. the term or conditions for terminating the processing of personal data;

10.4.1.9. information about the presence or absence of cross-border transfer of personal data in the process of their processing;

10.4.1.10. information on ensuring the security of personal data in accordance with the requirements for the protection of personal data established by the Government of the Russian Federation;

10.4.2. involve in the implementation of measures aimed at ensuring the security of personal data processed in the central office of Roskomnadzor, other civil servants of the central office of Roskomnadzor with the assignment of appropriate duties and responsibility to them.

10.5. The person responsible for the processing of personal data in the central office of Roskomnadzor is responsible for the proper performance of the assigned functions for organizing the processing of personal data in the central office of Roskomnadzor in accordance with the provisions of the legislation of the Russian Federation in the field of personal data.

Publication time: 02/06/2018 16:03
Last modified: 02/06/2018 16:05