Instruction: How To Protect Your Company From Fines Under The Law On Personal Data

Recommendations from the lawyer, the founder of the service for the protection of an Internet business E-docs Anara Kostenko. Roskomnadzor continues its work on the “salvation” of the Internet, and this time under the gun was almost all site owners. From 1 July 2017 come into force new amendments to the Code of administrative offences (Cao), which toughens sanctions against all entities that collect personal data.

Now, the fines will reach 295 thousand rubles. You should start with an explanation of what is personal information. In the first place under this category are email, name, surname and phone number. And more recently Roskomnadzor began to refer to personal data, residence address, IP and even information obtained using cookies.

So, if your website collects such information, the Roskomnadzor will automatically take you to the operators of personal data. That is, you are required to notify the Agency about the availability of specific documentation which reglamentary your activity. Now think, there remains a lot of sites in which no personal account or information gathering.

Fined before. One of the most interesting cases occurred in October 2016, when the Tambov city legal the company was fined for collecting personal data. Even then, the court has taken the position of Roskomnadzor, has equated the email and the phone number to the personal data and ordered the company to pay an administrative penalty in the amount of 1 thousand rubles.

Yes, thats right, one thousand. And if the violators paid no more than 10 thousand, from July 1, fines will be able to reach 295 thousand rubles for legal entities and 75 thousand rubles for individuals. There are two key grounds.

Complaint and conduct scheduled inspections. According to Roskomnadzor, in comparison with 2013 the number of complaints has increased by almost 60% — c 10 016 cases up to 33 814. It is worth considering that no one is immune from complaints from competitors. Increasing the number of inspections. If in 2013 there were 743, in 2016 — 2053 already.

In addition to the above fines, the site will be entered in the “Register of violators of rights of personal data subjects”, which threatens the increased attention from Roskomnadzor. Also you should be prepared to document inspections on the processing of personal data, even if you entered in the “Unified register of subjects of small and average business”. Fortunately, if all personal data you receive through the website, you can protect yourself from most of the fines themselves.

To make the collection of personal information is completely legal, it is enough to perform several steps: See policy template here. The notification of processing of personal data is sent to the territorial body roskomnadzora in the form of a paper document or in electronic document form and signed by authorized person.

Before sending the notification advised to check the completeness and correctness of filling. The notice must contain the following information: For notification you need to:

Send columns, corresponding to the requirements of the editorial Board, [email protected]

Leave a Reply