The processing of personal data is carried out by the purpose. Determining the purposes of processing personal data and how to work with them. Personal data processing operator




1. The processing of personal data must be carried out in compliance with the principles and rules provided for by this Federal Law. The processing of personal data is allowed in the following cases:

1) the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;

2) the processing of personal data is necessary to achieve the goals provided for by an international agreement of the Russian Federation or by law, for the implementation and fulfillment of the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;

3) the processing of personal data is carried out in connection with the participation of a person in constitutional, civil, administrative, criminal proceedings, proceedings in arbitration courts;

3.1) the processing of personal data is necessary for the execution of a judicial act, an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings (hereinafter referred to as the execution of a judicial act);

4) the processing of personal data is necessary for the exercise of the powers of federal executive bodies, bodies of state extra-budgetary funds, executive bodies of state authorities of the constituent entities of the Russian Federation, local governments and the functions of organizations involved in the provision of state and municipal services, respectively, provided for by Federal Law No. a single portal of state and municipal services and (or) regional portals of state and municipal services;


5) the processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor;


6) the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data, if obtaining the consent of the subject of personal data is impossible;

7) the processing of personal data is necessary for the implementation of the rights and legitimate interests of the operator or third parties, including in cases provided for by the Federal Law "On the Protection of Rights and Legitimate Interests of Individuals when carrying out activities to return overdue debts and on amending the Federal Law "On Microfinance Activities and Microfinance Organizations"", or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;


8) the processing of personal data is necessary for the professional activities of a journalist and (or) the legitimate activities of the mass media or scientific, literary or other creative activity, provided that this does not violate the rights and legitimate interests of the subject of personal data;

9) the processing of personal data is carried out for statistical or other research purposes, with the exception of the purposes specified in Article 15 of this Federal Law, subject to mandatory depersonalization of personal data;

10) the processing concerns personal data to which access of an unlimited number of persons has been provided by the subject of personal data or at his request (hereinafter referred to as personal data made public by the subject of personal data);

11) the processing concerns personal data subject to publication or mandatory disclosure in accordance with federal law.

1.1. The processing of personal data of objects of state protection and members of their families is carried out taking into account the features provided for by the Federal Law of May 27, 1996 N 57-ФЗ "On State Protection".

2. Features of the processing of special categories of personal data, as well as biometric personal data, are established accordingly and this Federal Law.

3. The operator has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person, including a state or municipal contract, or by adopting a relevant act by a state or municipal body (hereinafter - instructions of the operator). A person who processes personal data on behalf of the operator is obliged to comply with the principles and rules for the processing of personal data provided for by this Federal Law. The operator's instruction must define a list of actions (operations) with personal data that will be performed by the person processing personal data and the purposes of processing, the obligation of such a person to maintain the confidentiality of personal data and ensure the security of personal data during their processing, as well as the requirements for the protection of processed personal data must be specified in accordance with Article 19 of this Federal Law.

4. The person processing personal data on behalf of the operator is not required to obtain the consent of the subject of personal data to the processing of his personal data.

5. If the operator entrusts the processing of personal data to another person, the operator shall be liable to the subject of personal data for the actions of the said person. The person who processes personal data on behalf of the operator is liable to the operator.

Work with personal information must be carried out in strict accordance with the law. In particular, one of the fundamental principles for the processing of personal information is the strict observance of the purposes of use stated in the permission from the owner and the volumes specified in it.

The concept of personal data and the principles of their processing

One of the provisions establishes a requirement according to which all personal information about citizens of the Russian Federation must be located on servers located on the territory of the country. It is not allowed to replenish your information on the basis of that taken from sites located outside Russian borders.

In a situation where a person considers any messages about him to be untrue, he can contact the operator (in accordance with Article 14 of Law 152-FZ) with a request to delete or correct them accordingly.

In case of refusal, such a person has the right to apply to the court.

Consent to the processing of personal data

Such a document must contain the following sections:

  1. The document indicates who expresses consent, passport data are indicated.
  2. The name of the operator to whom the permission is given is given.
  3. Write for what purposes of processing consent is given.
  4. Specifically, a list of data is listed, for the processing of which permission is given.
  5. All operations with them in question are listed.
  6. The period of validity of the permit.
  7. The signature is put, its transcript and date.

A permit drawn up according to the model gives permission only for what is specifically indicated in it.

The use of the information in question is necessary for:

  1. Document management in the HR department.
  2. Conclusion of contracts and performance of other legal actions.
  3. In connection with the implementation of the requirements of tax legislation.
  4. Other purposes of a similar kind.

In doing so, it should be noted that:

  • in each such case, the receipt of information is determined by regulatory enactments;
  • it is carried out in a certain composition, volume, for a specific period and only to fulfill the stated goals.

Examples of Purposeful Use of Personal Information

In various areas of the economy and public life, the personal data of citizens is vital.

In a medical institution, it is important to know the details of a person's health throughout his life. In this case, the owner of personal information is the patient. The operator who uses them is a clinic or other medical institution. It is required to obtain permission from Roskomnadzor for processing. If the polyclinic transmits data, for example, to a specialized hospital, it must obtain the written consent of the citizen.

For a bank, it is vital when granting a loan to reasonably assume whether the applicant will be able to repay the money lent or does not have suitable financial resources. This will require details about income, employment, family composition and some others. The owner of the information is the client. The bank is the operator that carries out the processing. The client has the right to revoke permission to use information about him. The purpose of working with information is to ensure compliance with the requirements of the banking legislation of the Russian Federation.

It is impossible to do without providing this or similar information. But at the same time, it is important that its use does not violate the requirements of current regulations.

Rules and principles for working with information


It can be understood that it is impossible for a random person to obtain source texts directly from anonymized information. However, this organization itself will be able to restore it later.

Violations related to misuse of personal data

Starting from July 1, 2017, the Code of Administrative Offenses was amended to determine liability for violating Law No. 152-FZ. In case of violation of the established rules, the law provides for appropriate penalties.

If information is collected in cases where for this there is no legal basis or the processing is carried out for illegal purposes, a fine is imposed. For individuals, the amount will be from 1 to 3 thousand rubles, officials will pay from 5 to 10 thousand rubles, enterprises - from 30 to 50 thousand rubles.

If there was disclosure of information, the penalty is charged in connection with each individual such case. It can be from 500 to 1000 rubles from the employee whose fault the violation occurred. If we are talking about an organization that is responsible for what happened, then the amount increases. Now it can be from 5 to 10 thousand rubles.

The regulation in question states that compliance with the provisions of Law 152-FZ should be monitored by Roskomnadzor. Prior to the processing under Article 22 of the Personal Data Protection Act, he must send a notification there. In particular, he conducts appropriate checks and, if violations are detected, issues an order on the shortcomings that need to be eliminated. If the order is not executed, a fine is imposed on the guilty person, which can be 20 thousand rubles.


This information is any action or operation with the personal data of the subject: collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, depersonalization, blocking, deletion, destruction.

Why collect information about the subject and give consent to its analysis?

For client/patient

Information about the state of health of a citizen belongs to a special category of personal data. According to Part 2, Clause 4, Art. 10 of the Federal Law No. 152, the processing of such information is allowed without the consent of the subject, provided that it is carried out for the purposes of:

  • establishing a diagnosis;
  • disease prevention;
  • provision of medical and medical-social services.

This rule is true for situations where the processing is carried out by a professional doctor who is obliged to keep medical secrets in accordance with the legislation of the Russian Federation.

Exceptions are those situations where it is impossible to obtain consent, but processing is necessary to protect the life or health of the patient.

If a person uses any service - concludes an agreement, draws up a loan - that is, he is a client, personal information about him can also be processed in accordance with Federal Law No. 152.

Customer data can be used to:

  1. Provision of consulting, information and mediation services.
  2. Conclusion and execution of the contract with the client.
  3. Doing personnel work and accounting services.
  4. Other transactions not prohibited by the legislation of the Russian Federation.

For an organization employee

The employer has the right to his employees, it is enshrined in Art. 22 FZ No. 152. Purposes of personal data processing in the organization:

  • Registration of civil law contracts with citizens, provided for by the Legislation of the Russian Federation and the Charter of the enterprise.
  • Personnel records, compliance with laws and, registration of obligations under labor and civil law contracts.
  • Assistance with employment, education or promotion, registration and use of benefits.
  • Ensuring the personal safety of the employee and the safety of property.
  • Compliance with the requirements of tax and pension legislation when calculating contributions for pension insurance.
  • Formation of statistics in accordance with the Labor, Tax Codes and federal laws.
  • Control of the work performed by the employee.

(Article 86 of the "Labor Code of the Russian Federation" dated December 30, 2001 No. 197-FZ). Personal information about an employee that is classified as "special" is not subject to processing by the employer.

The validity period of the Consent to the processing of personal data must be established, it can be a specific date or event, for example, dismissal or withdrawal of consent by an employee.

Examples

Banking

Bank "Financial". The purpose of processing the client's personal data is to carry out banking and other operations, including:

  1. Opening and maintaining bank accounts.
  2. Money transfers on bank accounts.
  3. Transfer of funds from individuals - individuals and legal entities without opening a bank account.
  4. Purchase and sale of foreign currency.
  5. Provision of consulting and information services, including through an e-mail address.

Medical organization

Medical organization "Health". Purpose of processing:

  • Organization of medical care.
  • Issuance of concessionary prescriptions.
  • Payment of bills in the CHI and VHI system.
  • Use for statistics and research work.
  • Informing via SMS notification about the results of analyzes, ongoing promotions and the work schedule of specialists.

Conclusion

With, a client or a patient, not everything is as simple as it seems at first glance. Just like that, without consent and warning, they cannot be transferred to third parties or used for those purposes with which the subject does not agree. If a person is faced with the fact that his personal data has been leaked, he can always apply to Roskomnadzor or to the court.


The company cannot do without obtaining personal information from employees, customers and contractors. We need names, addresses, other information. However, the company has the right to process personal data only for specific purposes. Any other use of the data is a violation that will result in administrative action.

The purposes for which information is requested must comply with the law and the needs of the company

In the course of doing business, a company deals with information that needs to be protected. Confidential information includes information about technologies, projects, developments, the specifics of transactions, etc. The law also requires the protection of information about people who work for the company, are its clients or represent contractors. The Law “On Personal Data” is in force in pursuance of the constitutional principle of protecting privacy (Article 2 of Law No. 152). The requirements of the law apply to any organizations that receive data from their subjects (Article 1 of Law No. 152).

A company that starts processing personal data has the right to request them only for certain purposes (Part 2, Article 5 of Law No. 152). In addition, the amount of data depends on the goals. You cannot request information that the company does not need (parts 4 and 5 of article 5 of law No. 152). For example, an online store does not have the right to demand passport data from the buyer or ask for a postal address if the client picks up the goods at his own expense.

The company itself determines the purposes of processing personal data of customers and employees

Why exactly the information was required is determined by the company (clause 2, article 3 of law No. 152). As a rule, the organization requests personal data of customers, counterparties, employees for the following purposes:

  1. Conclusion of contracts. These can be contracts with consumers of the company's services or goods, with other types of customers, with business partners, labor agreements, etc. For any contract that the company is going to sign, personal data will be required: that of an employee who acts in its interests, of a representative of the counterparty, or of the counterparty itself, if it is a private person. Among other things, the data is needed so that the company can fulfill its obligations.
  2. Systematization of information about personnel, personnel records and office work. Employee data is required not only for the conclusion of employment contracts, but also for all other operations within the framework of the employment relationship.
  3. Compliance with the requirements of the law on the deduction of taxes to the budget, insurance premiums, etc. The company withholds personal income tax, contributions from employees and transfers these amounts to the state, the Pension Fund of the Russian Federation and other organizations (Article 22 of Law No. 152, Article 86 of the Labor Code of the Russian Federation).
  4. Formation of statistics. For this, the data must be depersonalized (clause 9, part 1, article 6 of law No. 152).


The company is obliged to notify the subject of personal data about the purposes of processing

The company is obliged to notify the employee or client of the purpose for which it requests his personal data for processing (clause 4, part 4, article 9 of Law No. 152). This is done as part of obtaining consent to provide information. The list of goals should:

  • be comprehensive and specific;
  • comply with the provisions of the charter, as well as local acts of the organization;
  • correspond to what goals the company actually pursues.

For example, the bank requests information from the client. The purpose of the processing is to maintain his account, including:

  • account opening,
  • account management,
  • operations for transferring funds from and to the account,
  • client consultation.

Another example of information is the listing of the purposes of processing personal data of employees in the company's policy. The organization confirms that the information is used:

  • when working with resumes of applicants;
  • to fulfill the company's obligations under an employment agreement;
  • to comply with labor, tax and pension laws;
  • to organize training of employees, improve their professional level;
  • when calculating and calculating salaries;
  • to control the quality of work of employees;
  • when providing various guarantees and benefits, etc.

Consent to processing must be obtained from the data subject in almost all cases. If the purpose of the collection is to promote the company on the market or political campaigning, the operator must prove that the person has given consent (Part 1, Article 15 of Law No. 152). Otherwise, it is considered that it was not requested.

In addition to the agreement with the employee or client, the purpose of obtaining data must be reflected in a special document - the company's policy on working with such data. It must be a public document. As a rule, it is published on the organization's website in a special section.


In accordance with Part 2 of Art. 85 of the Labor Code of the Russian Federation, processing of personal data of an employee is the receipt, storage, combination, transfer or any other use of the employee's personal data.

The processing of the employee's personal data may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts, assisting the employee in employment, training and promotion, ensuring the personal safety of employees, as well as controlling the quantity and quality of work performed by him and ensuring the safety of property (clause 1 article 86 of the Labor Code of the Russian Federation).

According to paragraph 3 of Art. 3 of the Federal Law “On Personal Data”, the processing of personal data is actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction of personal data. It should be borne in mind that regardless of the number of functional operations listed in the legislation, legal regulation should cover all stages of the processing of personal data, from receipt to destruction, without any exceptions.

The said Law refers to the principles of personal data processing as follows:

  • lawfulness of the purposes and methods of processing and good faith;
  • compliance of the purposes of processing with the purposes predetermined and declared during the collection of personal data, as well as the authority of the operator;
  • compliance of the volume and nature of the processed data, methods of processing with the purposes of their processing;
  • the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is not related to the purposes stated during the collection of data;
  • the inadmissibility of combining databases of personal data information systems created for incompatible purposes.

The processing of personal data of an employee begins with their receipt. As a general rule, all personal data should be obtained from the employee himself. In exceptional cases, when the employee's personal data can only be obtained from a third party, the employee must be notified of this in advance and written consent must be obtained from him. The employer is obliged to inform the employee about the purposes, alleged sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them (clause 3 of article 86 of the Labor Code of the Russian Federation). However, the employer does not have the right to receive and process the personal data of the employee about his political, religious and other beliefs and private life (clause 4 of article 86 of the Labor Code of the Russian Federation). Also, the employer cannot request information about the health status of the employee, if this does not apply to resolving the issue of the employee's ability to perform a labor function (Article 88 of the Labor Code of the Russian Federation).

The Labor Code of the Russian Federation imposes separate requirements on the organization and technology of processing personal data by the employer. The obligation to familiarize employees and their representatives against signature with the documents of the employer establishing the procedure for processing personal data of employees, as well as their rights and obligations in this area, implies the need to develop and adopt an appropriate local regulatory legal act. Such an act, depending on the specifics of the activity and the discretion of the employer, may be referred to as a regulation or instruction and, as a rule, includes the following sections:

  • basic concepts and provisions;
  • processing of personal data of an employee;
  • formation of personal data of the employee;
  • accounting, storage and transfer of personal data of an employee;
  • the rights and obligations of the employee in the field of processing and protection of his personal data.

Such a local regulatory legal act determines the confidentiality regime (limited access) of the employee's personal data with a specific employer. Employees of the employer who receive the personal data of the employee are required to comply with this regime, which must be indicated not only in their job descriptions, but also in the employment contracts. The regulation (instruction) on the protection of personal data is the main document reflecting the specifics of the processing and transfer of personal data of an employee within a particular organization or with a particular individual entrepreneur. If there is an automated component within the framework of this activity, the employer does not have the right to make decisions regarding the employee based on personal data obtained solely as a result of their automated processing or electronic receipt (clause 6 of article 86 of the Labor Code of the Russian Federation). An employer need not limit himself to adopting a provision on the protection of personal data of employees in his organization. However, the presence of this local act is mandatory, and its absence is considered by the state labor inspectorate as a serious violation of labor legislation.

For this and other violations of the rules governing the receipt, processing and employee, the employer may bring the perpetrators to material, disciplinary liability, and the relevant state bodies - to civil, administrative and criminal.