home » Business ideas » Standard provision on personal data. How to draw up a regulation on the protection of personal data

Standard provision on personal data. How to draw up a regulation on the protection of personal data

The GIT inspector will check whether the employer has approved the Regulation on working with personal data. How to draw up a document so that its content complies with the law and finished sample document, look in the article.

In the article:

Download related documents:

Regulations on personal data of employees: 2020 sample

In the process of employment, and often even earlier, even at the stage of preliminary questionnaires and interviews, the employee provides the employer with certain information of a personal nature. Such information is classified as confidential and is not subject to disclosure to third parties. Moreover, not all types of information can be requested - for example, the question of the applicant's religious affiliation or political views will be inappropriate in any interview.

The employer is allowed to be interested only in those aspects of the employee's personal life that are directly related to his work and can affect the quality of its performance.

The definition of personal data is contained in the law No. 152-FZ of July 27, 2006. This is a key normative document, at the federal level, fixing the basic norms and principles for handling personal information. According to Article 3 of Law No. 152-FZ, personal any data related directly or indirectly to a specific subject (natural person) is considered. The subject may provide information about himself to the operator - a state or municipal authority, an employer (legal entity or individual).

Regulations on working with personal data of employees

The operator does not have the right to process the information received or disclose it to third parties without the consent of the subject. Protection of personal information provided by the legislation of the Russian Federation: the aforementioned federal law No. 152-FZ, separate articles of the Labor, Criminal and Civil Codes of the Russian Federation, as well as Art. 5.39 and 13.11-13.14 of the Code of administrative offenses RF. These rules apply to organizations of all forms of ownership.

Each company that collects personal information about its employees must draw up and approve a policy on the protection of personal data of employees. This is the name of a local regulation that establishes the procedure for working with personal data within a particular enterprise in accordance with the requirements of Art. 87 of the Labor Code of the Russian Federation. In the field of public civil service the "Regulations on the personal data of a state civil servant and the conduct of his personal file" are being developed, as required by the decree of the President of the Russian Federation No. 609 of 05/30/2005

In order to draw up the Regulations on the processing of personal data without errors, use the online service "Personnel Systems"

Take advantage now

Main types of personal information

Conventionally, the entire amount of personal data about a particular subject can be divided into five types:

general;
public;
impersonal;
special;
biometric.

General information is a person's passport data (last name, first name, patronymic, date of birth, marital status), address, telephone number, information about the education received, etc. The current legislation does not contain an exhaustive list of general data, but it lists in great detail the types of special data for which special rules for collection, processing and storage are established. These include information about:

state of health;
intimate life;
having a criminal record;
religion;
philosophical and political beliefs;
racial and national identity.

It is possible to request special data for processing only in strictly defined cases - for medical purposes (with the obligatory observance of medical secrecy) or insurance service, to administer justice, in the framework of countering terrorism, to protect the life or health of the subject. Criminal record information is processed only if there is a federal law requiring such processing. In addition, it is not forbidden to process special information if the subject himself gave it to him or made it publicly available.

Crib. When personal data can be processed without the consent of the employee

Attention! Public information is considered to be information posted by the owner in public sources - newspapers, magazines, address and telephone directories, social networks.

Biometric refers to information about the physiological or biological characteristics of a particular person: height, physique, fingerprints, drawing of the iris, the results of genetic and other studies that allow to establish his identity. Sometimes you can't do without them. A typical case of using "biometrics" is described in the note "Can an employer take fingerprints of employees to organize access control": the results of fingerprinting allow you to instantly identify an employee, which is very important when holding events with limited access.

Biometric data should be processed and stored in accordance with Decree of the Government of the Russian Federation No. 512 dated July 6, 2008. After the purpose of processing is achieved or lost, biometric, special and general personal data must be depersonalized. It is impossible to establish the ownership of impersonal information (for example, the processed results of statistical reports and surveys) to a specific person.

Attention! Data that, for objective reasons, cannot be anonymized must be destroyed.

When drawing up a regulation on the personal data of employees, do not forget to prescribe the rules for processing various types of information, including biometric information, if the organization collects and uses it in its work.

What functions does the regulation on the protection of personal data perform

One way or another, the employer gets access to certain information about the private life of the employee. Filling out, providing various benefits and compensations, filing a tax deduction - this is just a small list of standard procedures for which you have to ask the employee for information about the state of health, family composition, etc. And since processing is carried out, then a provision on the protection of personal data is also necessary (a sample document is discussed below).

Attention! You need to receive personal information about an employee directly from him, and not from third parties.

Even within the same organization, personal information can only be transferred in accordance with local regulations. normative act, with which all personnel must first familiarize themselves under the signature. The need for such familiarization is enshrined in paragraph 8 of Art. 86 of the Labor Code of the Russian Federation.

Regulations on personal data of employees: sample structure

The very concept of information processing covers different types operations listed in clause 3, article 3 of federal law No. 152-FZ. First, the collection, recording and systematization of information is carried out. Then there is their accumulation, storage and use. Data can be refined, updated or modified, retrieved and transferred. If there is no need to use personalized information, it is depersonalized or destroyed. Therefore, the regulation on working with personal data of employees is divided into sections devoted to different stages information processing:

general provisions;
receiving and systematization;
storage;
usage;
broadcast;
confidentiality guarantees.

Of course, the proposed structure can be adjusted as needed - to combine existing sections and add new ones, include additional lists and applications. But even the simplest model provision on the personal data of an employee is a convenient starting workpiece, on the basis of which you can develop a full-fledged document adapted to the working conditions of a particular enterprise.

Regulation on personal data: the procedure for processing and storing information

When developing a provision on personal data, a sample can be used as a basis. Particular attention should be paid to the sections devoted to the procedure for collecting, organizing and storing information. The more detailed each item is, the better and safer it is for the employer. If a mandatory survey of applicants is carried out, describe the procedure as accurately as possible and list the specific types of information requested:

The storage of any media of personal information - paper, electronic and any other - involves restricting access to them. For this purpose, separate rooms, safes, lockers, special folders and password-protected electronic databases are used. Only a limited circle of officials can request confidential information without special permission.

All these nuances must be included in the regulation on the protection of personal data of employees. A sample of the relevant section would look something like this:

Each employee has the legal right to know exactly how and to what extent his personal data is processed and used, as well as to correct or delete incorrect, incomplete or improperly processed information about himself.

Regulations on working with personal data of employees: a sample design for a section on the transfer of information

The employer is allowed to transfer personal information to third parties, but only under certain circumstances - for example, in order to prevent a threat to the life and health of an employee or in cases provided for by federal laws. In this case, the data does not become publicly available, but is confidentially transferred to an authorized person.

In all other cases, the rule enshrined in Article 7 of Law No. 152-FZ applies and requires each time such a need arises to request from the subject. At the same time, data is transmitted in a limited amount necessary to perform a specific function and no more.

Be sure to add a section on the rules for the transfer of confidential information in the policy on personal data of employees. An example section looks like this:

The employer must keep a record of the issuance of any personal information relating to employees of the enterprise. For this purpose, a special journal (book) or an electronic document is created. Ideally, records should be duplicated, keeping both electronic and paper media.

How to approve the regulation on the personal data of employees: a sample order

There are two ways to approve the provision on the protection of personal data of employees: or simply provide a special field for certification details on the form of the main document. Employers who do not want to multiply the amount of paper work usually prefer the second method and add the necessary fields to the "header" of the document.

Approving the document, the head of the organization puts on it personal signature and print. If the first, more time-consuming method of approval is chosen, an appropriate administrative document is drawn up. It is formatted in general order and, in fact, is no different from the standard.

If the employer previously applied a different version of the provision, upon entry into force new edition as a sample, an order is used to approve the Regulation on working with personal data or any other local act.

Order on approval of the Regulations on the work with personal data

Attention! If the organization has a legal department or in-house legal adviser, it is recommended to agree with him the provision on the protection of personal data of employees before the document is sent for final approval to the head of the enterprise.

Notice of personal data processing

In addition to a number of basic measures to protect the personal data of personnel, the law provides for another obligation of the operator - to notify Roskomnadzor of the forthcoming processing of personal data. This rule is present in Russian legislation since 2007. The notification form currently in use was approved in 2008.

We note right away that the notification requirement does not apply to all employers. According to Article 22 of Law No. 152-FZ, organizations that:

process the information received in accordance with labor legislation;
receive information in connection with the conclusion of the contract and use it exclusively within the framework of the execution of the agreements;
receive data recognized as publicly available or including only the surnames, first names and patronymics of the subjects;
request information once in order to allow the subject to enter the territory of the operator;
are religious or public and process information in confidence for legitimate purposes.

In order not to notify Roskomnadzor of data processing every time, an employer using information about employees solely within the framework of labor legislation can fix the corresponding condition with internal documents. Specify in the regulations and other local acts the main activities of the company and the purposes for which it collects and processes personal information about personnel.

Responsibility for violation of the rules for processing personal information

For violation of the legislation on the protection of personal information, the guilty person can be brought not only to disciplinary, but also to administrative responsibility , and in some cases, criminal liability. The measure of responsibility is chosen taking into account the type, severity and circumstances of the misconduct.

It should be remembered that illegal access to electronic information protected by law, and violation of privacy. This also includes improper storage of personal data, as well as unintentional disclosure of confidential information made without malicious intent, access to which was obtained in the performance of work duties. The injured party may, through the court, demand compensation for material and moral damage caused by the illegal actions of an official.

The amount of fines paid by employers for non-compliance with the rules for processing personal data of personnel is constantly increasing and currently amounts to tens of thousands of rubles. Therefore, if the organization does not apply or does not have a provision on the protection of personal data of employees, a sample document drawn up taking into account all the requirements of the law will obviously not be superfluous.

In order to process personal data of employees without a fine from the GIT, the employer must draw up and approve the Regulation on the processing of personal data of an employee. Such a position is binding document, which must be in the organization. Draw up the Regulation in any form and include in it all the features of the procedure for processing personal data in your company. Ready document approved by the employer.

The order on the protection of personal data of employees - a sample of this document is presented in the article below. This order establishes the obligation of responsible persons to ensure the confidentiality of personal information, and also determines the degree of access to them for each official. Also in our article you will find brief information about the content of this document.

Order on the protection of personal data

Personal data (hereinafter referred to as PD) of an employee is any information that allows third parties to identify his personality. PD must be reliably protected from unauthorized access - violation of this rule entails the imposition of an administrative penalty on an individual or legal entity working with them.

To ensure data confidentiality, it is necessary to develop and implement a multi-level information protection system at the enterprise, an integral part of which is the creation of organizational documentation that determines the procedure for working with such information about employees. The order on the protection of personal data defines the key points of the company's management policy in the field of using confidential information about the identity of employees, and also establishes a list of positions and persons occupying them, whose powers include the collection, storage and processing of data.

Sample order on personal data of employees

For clarity, we suggest that you familiarize yourself with a sample order on the PD of employees compiled by our specialists:

OOO Kompakt-M

Ekaterinburg

31.08.2017

Don't know your rights?

Order No. 11

on the protection of personal data of employees

In order to fulfill the requirements established by Ch. fourteen Labor Code Russian Federation, as well as the federal law "On Personal Data" No. 152 of July 27, 2006,

I ORDER:

Approve the Regulation on the protection of personal data and put it into effect on 09/01/2017.
Approve the list of persons entitled to work with personal data of employees, as well as determine the completeness of the access granted:
- CEO Petrushin A.P. — access without restrictions;
- chief accountant E. P. Ivlikova — access without restrictions;
- Senior Human Resources Inspector Mironova O. S. - access without restrictions;
- accountants of the settlement group Nikonova N. Z. and Poletaeva V. G. - access without restrictions.
To appoint the person responsible for ensuring the implementation of the process of collecting, processing and storing personal data of employees, the senior inspector for personnel Mironova O. S.
Lay on responsible person the obligation to familiarize the employees specified in clause 2 of the order with the Regulations on the protection of personal data of employees, and obtain from them a written obligation not to disclose the personal data of employees.

Director General of Kompakt-M LLC Petrushin A.P.: (signature).

So, the order on the protection of personal data contains a documented expression of the will of the head of the organization on the approval of the documentation that determines the procedure for working with such data, and establishes a list of persons who have access to work with them. All employees of the organization using PD in the course of their labor activity, must be familiarized with this order under the signature.

Personal data is “any information relating to an identified or identifiable natural person”. Almost all information handled by the employer falls under this concept: the date of birth of the employee, marital status, education, home address, etc. This data is stored in personal cards and is actively used in employment contracts and contracts, orders, payslips, payrolls, statements and many other documents.

An employer can receive personal data only first-hand, that is, from the person himself. If it is not possible to personally collect information, it can be obtained through third parties, but with the consent of the employee himself. At the same time, he should explain for what purpose the information is collected, how it will be used and what will happen if the employee refuses to give his consent to the collection and processing of information about himself.

Legislation limits the list of situations when an employer can collect data. Among the main ones are:

preservation of life and health of subordinates;
assistance in employment and education;
promoting career growth;
control over the performance by the employee of his labor functions;
security material assets;
enforcement of laws.

Responsibility for violations in the work with personal data

From July 1, 2017, liability for errors in this area will seriously increase. The list of violations for which the employer can be held liable has been significantly expanded, and in addition, the amount of fines has been increased. Such changes are contained in the Federal Law “On Amendments to the Code Russian Federation on administrative offences. Instead of one type of administrative responsibility, which was provided for by Art. 13.11, there are now seven types in the Code of Administrative Offenses of the Russian Federation, and each has its own fines:

Use of personal data for purposes not provided for by law. Administrative punishment - warning or fine: for individuals from 1,000 to 3,000 rubles, for officials - from 5,000 to 10,000 rubles, for legal entities- from 30,000 to 50,000 rubles.
Processing personal data without the consent of the employee. This also includes cases where the consent signed by the employee does not contain a list of information provided for in Part 4 of Art. 9 of the law. Administrative punishment - fines: for individuals - from 3,000 to 5,000 rubles, for officials - from 10,000 to 20,000 rubles, for legal entities - from 15,000 to 75,000 rubles.
Violation of the regime of access to the policy of the organization for the processing of personal data. The employer is obliged to publish in public sources a document that outlines its policy in the field of protecting the personal information of employees. This is provided for in paragraph 2 of Art. 18.1 of Law No. 152-FZ of July 27, 2006, and from July 1 it will be a separate offense that entails liability in the form of a warning or fines: for individuals - from 700 to 1,500 rubles, for officials - from 3,000 to 6,000 rubles, for individual entrepreneurs - from 5,000 to 10,000 rubles. and for legal entities - from 15,000 to 30,000 rubles.
Hiding information from the employee about the purposes, terms and methods of collecting, storing and processing information, about third parties who will work with personal information on behalf of the employer, etc. In such cases, the employer receives a warning or pays a fine: individuals - from 1,000 up to 2,000 rubles, officials - from 4,000 to 6,000 rubles, individual entrepreneurs - from 10,000 to 15,000 rubles, legal entities - from 20,000 to 40,000 rubles.
The refusal of the employer to block or destroy personal data in accordance with Art. 21 . Administrative responsibility - a warning or a fine: for individuals - from 1,000 to 2,000 rubles, for officials - from 4,000 to 10,000 rubles, for individual entrepreneurs - from 10,000 to 20,000 rubles, for legal entities - from 25,000 to 45,000 rubles
Lack of automation tools for storing personal data, storing information only in paper form. If such an employer allowed the destruction, leakage, unauthorized copying and / or distribution of the employee's personal data, a fine is imposed on him: for individuals - from 700 to 2,000 rubles, for officials - from 4,000 to 10,000 rubles, for individual entrepreneurs - from 10,000 to 20,000 rubles, for a legal entity - from 25,000 to 50,000 rubles.
Non-observance or violation of the procedure for depersonalization of data by employees of state and municipal authorities (Order of Roskomnadzor "On approval of requirements and methods for the depersonalization of personal data"). Administrative responsibility in this case threatens the official in the form of a warning or a fine of 3,000 to 6,000 rubles.

Legislation allows you to summarize fines for various violations, so mistakes or careless attitude to information about employees can be very costly for the employer. And besides, from July 1, 2017, it is allowed to initiate administrative cases regarding the handling of personal data without the participation of a prosecutor - Roskomnadzor officials will be able to initiate them (clause 58, part 2, article of the Code of Administrative Offenses of the Russian Federation).

Correctly drawn up Regulations on personal data will help to comply with the requirements of the law, which should consolidate the norms of the law and specify them for the organization.

How to draw up a Regulation on personal data

The law does not stipulate the name, structure and mandatory content of the document, the employer has the right to determine how the Regulation will look like. When developing a document, the head of the organization and specialists personnel service must be based on the above Federal Law, as well as on Art. Labor Code of the Russian Federation.

The Regulation on personal data should reflect:

General provisions: goals and objectives of the organization in the field of personal data protection, the range of issues that are regulated by the Regulations.
Composition of personal data: information that the employer uses in the framework of labor relations with the employee, a list of documents that contain such data.
The procedure for collecting and processing information, including methods and places of storage, measures to protect against unauthorized distribution. Among other things, the requirement to obtain information only from the person himself or, with his written consent, from third parties is prescribed here. The consent form can be issued as an annex to the Regulations.
The procedure for the transfer of personal data both within the organization and to third parties and government agencies. This should reflect the legislative norm to transfer personal information about the employee to third parties only with his written consent. An exception is if it is necessary to protect the life and health of the employee.
List of employees with access to personal data. Most often, these are HR specialists, accountants, heads of structural divisions, etc.
Responsibility for the disclosure of personal data of employees. In the section, it is worth indicating the positions of those who are responsible for violating the rules for storing, processing and transferring personal data, as well as the types of liability provided for by law (we will talk about changes in this area in more detail below).

The regulation on the protection of the employee's personal data and the consent template are approved by the head of the organization. A stamp with a signature, date of approval and protocol number is placed on the title page of the document. To put the Regulation into effect, the head issues a separate order.

All employees must be familiarized with the Regulation on personal data against signature. To do this, organizations often start a separate journal with a list of employees working in the company.

Consent to the processing of personal data

This is a document in which a person being hired allows the future employer to receive the necessary information and use it within the framework of current legislation.

The employer has no right to collect and use the personal information of employees without their written consent. The exception is data from medical institutions concerning contraindications to a certain type of activity.

Consent must include the following information (part 4 of article 9):

Full name, address of the employee, details of the passport (or other identification document);
Full name, address of the representative of the employee, details of his passport (or other identity document), details of the power of attorney;
name or full name and address of the employer receiving the consent of the personal data carrier;
a list of personal data for the processing of which consent is given;
purpose of personal data processing;
a list of actions with personal data for which consent is given, general description how this information is processed;
the period during which the consent of the employee is valid, as well as the method of its withdrawal, unless otherwise provided by federal law.

The document is signed by the employee after reading the Regulations. The same consent must be issued if a person allows third parties to provide information about themselves.

An employer does not have the right to force a potential employee to provide any information about himself. If the applicant refuses to sign the Consent, the organization may reconsider the admission of such a person to the staff. Any of the working employees of the organization can also withdraw their consent (part 2 of article 9).

After the employer has received the employee's consent to the processing of personal information, he can entrust this to a third party, but the responsibility for the safety of the information still lies with the employer.

Really large-scale changes have affected the spheres of personal data protection, and the employer should be doubly careful both when drawing up the Regulations and when working with personal information by employees. Remember, the more detailed and specific the Regulations on Personal Data are, the clearer the work in this area of personnel records will be built in the organization.

MINISTRY OF COMMUNICATIONS AND MASS COMMUNICATIONS

RUSSIAN FEDERATION

FEDERAL SERVICE FOR SUPERVISION IN THE FIELD OF COMMUNICATIONS,

ON THE APPROVAL OF THE REGULATION

INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS

In accordance with the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (Collected Legislation of the Russian Federation, 2006, N 31, Art. 3451; 2009, N 48, Art. 5716; N 52, Art. 6439 ; 2010, N 27, item 3407; N 31, item 4173, item 4196; N 49, item 6409; N 52, item 6974; 2011, N 23, item 3263; N 31, item 4701 ) and subparagraph "b" of paragraph 1 of the List of measures aimed at ensuring the fulfillment of the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, by operators that are state or municipal bodies, approved by Decree of the Government of the Russian Federation dated 21 March 2012 N 211 (Collected Legislation of the Russian Federation, 2012, N 14, Art. 1626), I order:

1. Approve the attached Regulations on the processing and protection of personal data in the central office of the Federal Service for Supervision in the Sphere of Communications, information technologies and mass communications.

2. Recognize invalid the order of the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications of April 13, 2011 N 246 "On Approval of the Regulations on the Processing of Personal Data in the Central Office of the Federal Service for Supervision in the Sphere of Communications, Information Technologies and Mass Media Communications" (registered by the Ministry of Justice of the Russian Federation on May 17, 2011, registration N 20757).

3. Send this order for state registration to the Ministry of Justice of the Russian Federation.

Supervisor

A.A. ZHAROV

Appendix

to the order of the Federal Service

on supervision in the field of communications,

information technologies

mass communications

POSITION

ON PROCESSING AND PROTECTION OF PERSONAL DATA IN THE CENTRAL

OFFICE OF THE FEDERAL SERVICE FOR SUPERVISION IN THE FIELD OF COMMUNICATIONS,

INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS

I. General provisions

1.1. The Regulation on the processing and protection of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Media (hereinafter referred to as the Regulation) determines the purposes, content and procedure for processing personal data, measures aimed at protecting personal data, as well as procedures, aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Communications (hereinafter referred to as Roskomnadzor).

1.2. This Regulation defines the policy of the central office of Roskomnadzor as an operator processing personal data regarding the processing and protection of personal data.

1.3. This Regulation has been developed in accordance with the Labor Code of the Russian Federation (Sobranie Zakonodatelstva Rossiyskoy Federatsii, 2002, N 1, Art. 3; N 30, Art. 3014, 3033; 2003, N 27, Art. 2700; 2004, N 18, Art. 1690; N 35, item 3607; 2005, N 1, item 27; N 19, item 1752; 2006, N 27, item 2878; N 52, item 5498; 2007, N 1, item 34; N 17, item 1930; N 30, item 3808; N 41, item 4844; N 43, item 5084; N 49, item 6070; 2008, N 9, item 812; N 30, item 3613 ; N 30, item 3616; N 52, item 6235, 6236; 2009, N 1, item 17, 21; N 19, item 2270; N 29, item 3604; N 30, item 3732, 3739 ; N 46, item 5419; N 48, item 5717; 2010, N 31, item 4196; N 52, item 7002; 2011, N 1, item 49; N 25, item 3539; N 27, 3880; N 30, items 4586, 4590, 4591, 4596; N 45, items 6333, 6335; N 48, items 6730, 6735; N 49, item 7031; 2012, N 10, item 1164 ; N 14, item 1553; N 18, item 2127; N 31, item 4325) (hereinafter referred to as the Labor Code of the Russian Federation), the Code of the Russian Federation on Administrative Offenses (Collection of Legislation of the Russian Federation editions, 2002, N 1, art. one; No. 18, Art. 1721; No. 30, Art. 3029; No. 44, Art. 4295, 4298; 2003, N 27, art. 2700, 2708, 2717; No. 46, Art. 4434, 4440; No. 50, Art. 4847, 4855; No. 52, art. 5037; 2004, N 19, art. 1838; No. 30, Art. 3095; N 31, art. 3229; No. 34, Art. 3529, 3533; No. 44, Art. 4266; 2005, N 1, art. 9, 13, 37, 40, 45; No. 10, art. 762, 763; No. 13, Art. 1077, 1079; No. 17, Art. 1484; No. 19, Art. 1752; No. 25, art. 2431; No. 27, Art. 2719, 2721; No. 30, Art. 3104; No. 30, Art. 3124, 3131; No. 40, art. 3986; No. 50, Art. 5247; No. 52, art. 5574, 5596; 2006, N 1, art. 4, 10; N 2, art. 172, 175; No. 6, art. 636; No. 10, art. 1067; No. 12, art. 1234; No. 17, art. 1776; No. 18, Art. 1907; No. 19, Art. 2066; No. 23, Art. 2380, 2385; No. 28, art. 2975; No. 30, Art. 3287; N 31, art. 3420, 3432, 3433, 3438, 3452; No. 43, art. 4412; No. 45, art. 4633, 4634, 4641; No. 50, Art. 5279, 5281; No. 52, art. 5498; 2007, N 1, art. 21, 25, 29, 33; No. 7, art. 840; No. 15, art. 1743; No. 16, art. 1824, 1825; No. 17, art. 1930; No. 20, art. 2367; No. 21, art. 2456; No. 26, art. 3089; No. 30, Art. 3755; N 31, art. 4001, 4007, 4008, 4009, 4015; No. 41, Art. 4845; No. 43, Art. 5084; No. 46, art. 5553; No. 49, Art. 6034, 6065; No. 50, Art. 6246; 2008, N 10, art. 896; No. 18, Art. 1941; No. 20, art. 2251, 2259; No. 29, art. 3418; No. 30, Art. 3582, 3601, 3604; No. 45, art. 5143; No. 49, Art. 5738, 5745, 5748; No. 52, art. 6227, 6235, 6236, 6248; 2009, N 1, art. 17; No. 7, art. 771, 777; No. 19, Art. 2276; No. 23, Art. 2759, 2767, 2776; No. 26, art. 3120, 3122, 3131, 3132; No. 29, art. 3597, 3599, 3635, 3642; No. 30, Art. 3735, 3739; No. 45, art. 5265, 5267; No. 48, art. 5711, 5724, 5755; 2010, N 1, art. one; No. 11, art. 1169, 1176; No. 15, art. 1743, 1751; No. 18, Art. 2145; No. 19, Art. 2291; No. 21, art. 2524, 2525, 2526, 2530; No. 23, Art. 2790; No. 25, art. 3070; No. 27, Art. 3416, 3429; No. 28, art. 3553; No. 30, Art. 4000, 4002, 4005, 4006, 4007; N 31, art. 4155, 4158, 4164, 4191, 4192, 4193, 4195, 4198, 4206, 4207, 4208; No. 32, Art. 4298; No. 41, Art. 5192, 5193; No. 46, art. 5918; No. 49, Art. 6409; No. 50, Art. 6605; No. 52, art. 6984, 6995, 6996; 2011, N 1, art. 10, 23, 29, 33, 47, 54; No. 7, art. 901; No. 15, art. 2039, 2041; No. 17, art. 2310, 2312; No. 19, Art. 2714, 2715; No. 23, Art. 3260, 3267; No. 27, Art. 3873, 3881; No. 29, art. 4289, 4290, 4291, 4298; No. 30, Art. 4573, 4574, 4584, 4585, 4590, 4591, 4598, 4600, 4601, 4605; No. 45, art. 6325, 6326, 6334; No. 46, art. 6406; No. 47, Art. 6601, 6602; No. 48, art. 6730, 6732; No. 49, Art. 7025, 7042, 7056, 7061; No. 50, Art. 7342, 7345, 7346, 7351, 7352, 7355, 7362, 7366; 2012, N 6, Art. 621; No. 10, art. 1166; No. 15, art. 1723, art. 1724; No. 18, Art. 2126, art. 2128; No. 19, Art. 2278; No. 24, Art. 3068, Art. 3069, Art. 3082; No. 29, art. 3996; N 31, art. 4320, Art. 4322, Art. 4330; No. 41, Art. 5523), Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2006, No. 31, Art. 3451; 2009, No. 48, Art. 5716; No. 52, Art. 6439 ; 2010, N 27, item 3407; N 31, item 4173, item 4196; N 49, item 6409; N 52, item 6974; 2011, N 23, item 3263; N 31, item 4701 ) (hereinafter referred to as the Federal Law "On Personal Data"), Federal Law of July 27, 2006 N 149-FZ "On Information, Information Technologies and Information Protection" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2006, N 31, Art. 3448 ; 2010, N 31, item 4196; 2011, N 15, item 2038; N 30, item 4600; 2012, N 31, item 4328), Federal Law of May 27, 2003 N 58-FZ "On system public service of the Russian Federation" (Collected Legislation of the Russian Federation, 2003, No. 22, Art. 2063; No. 46, Art. 4437; 2006, No. 29, Art. 3123; 2007, No. 49, Art. 6070; 2011, No. 1, Art. 31; N 50, art. 7337) (hereinafter referred to as the Federal Law "On the System of the Public Service of the Russian Federation"), Federal Law of July 27, 2004 N 79-FZ "On the State Civil Service of the Russian Federation" (Collected Legislation of the Russian Federation, 2004, N 31, item 3215; 2006, N 6, item 636; 2007, N 10, item 1151; N 16, item 1828; N 49, item 6070; 2008, N 13, item 1186; No. 30, article 3616; No. 52, article 6235; 2009, No. 29, article 3597, 3624; No. 48, article 5719; No. 51, article 6150, 6159; 2010, No. 5, article 459; N 7, item 704; 2011, N 1, item 31; N 27, item 3866; N 29, item 4295; N 48, item 6730; N 50, item 7337) (further - the Federal law " On the State Civil Service of the Russian Federation"), Federal Law of December 25, 2008 N 273-FZ "On Combating Corruption" (Collected Legislation of the Russian Federation, 2008, N 52, Art. 622 8; 2011, N 29, art. 4291; No. 48, art. 6730) (hereinafter - the Federal Law "On Combating Corruption"), Federal Law of July 27, 2010 N 210-FZ "On the organization of the provision of state and municipal services"(Collected Legislation of the Russian Federation, 2010, N 31, Art. 4179; 2011, N 15, Art. 2038; N 27, Art. 3880; N 29, Art. 4291; N 30, Art. 4587; N 49, Art. 7061; 2012, N 31, art. 4322) (hereinafter - the Federal Law "On the organization of the provision of state and municipal services"), Federal Law of September 2, 2006 N 59-FZ "On the procedure for considering applications from citizens of the Russian Federation" ( Collection of Legislation of the Russian Federation, 2006, N 19, item 2060; 2010, N 27, item 3410; N 31, item 4196) (hereinafter - the Federal Law "On the Procedure for Considering Appeals of Citizens of the Russian Federation"), Federal Law of 7 July 2003 N 126-FZ "On Communications" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2003, N 28, Art. 2895; N 52, Art. 5038; 2004, N 35, Art. 3607; N 45, Art. 4377; 2005, N 19, item 1752; 2006, N 6, item 636; N 10, item 1069; N 31, item 3431, item 3452; 2007, N 1, item 8; N 7, item 835; 2008, N 18, item 1941; 2009, N 29, item 3625; 2010, N 7, item 705; N 15, item 1737; N 27, item 3408; N 31, item 4190; 2011, N 7, Art. 901; No. 9, Art. 1205; No. 25, art. 3535; No. 27, Art. 3873, Art. 3880; No. 29, art. 4284, Art. 4291; No. 30, Art. 4590; No. 45, art. 6333; No. 49, Art. 7061; No. 50, Art. 7351, art. 7366; 2012, N 31, Art. 4328), Federal Law of May 4, 2011 N 99-FZ "On Licensing certain types activities" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2011, N 19, art. 2716; N 30, art. 4590; N 43, art. 5971; N 48, art. 6728; 2012, N 26, art. 3446; N 31, 4322) (hereinafter referred to as the Federal Law "On Licensing Certain Types of Activities"), Law of the Russian Federation of December 27, 1991 N 2124-1 "On Means mass media" (Russian newspaper , 1992, February 8, N 32; Collection of Legislation of the Russian Federation, 1995, N 3, Art. 169; No. 24, Art. 2256; No. 30, Art. 2870; 1996, N 1, art. 4; 1998, N 10, art. 1143; 2000, No. 26, Art. 2737; No. 32, Art. 3333; 2001, N 32, Art. 3315; 2002, N 12, Art. 1093; No. 30, Art. 3029, Art. 3033; 2003, N 27, art. 2708; No. 50, Art. 4855; 2004, N 27, Art. 2711; No. 35, art. 3607; No. 45, art. 4377; 2005, N 30, Art. 3104; N 31, art. 3452; 2006, N 43, Art. 4412; 2007, N 31, Art. 4008; 2008, N 52, art. 6236; 2009, N 7, Art. 778; 2011, N 25, art. 3535; No. 29, art. 4291; 2012, N 31, Art. 4322) (hereinafter referred to as the Law of the Russian Federation "On the Mass Media"), Decree of the President of the Russian Federation of February 1, 2005 N 112 "On Approval of the Regulations on the Competition for Filling a Vacant Position in the State Civil Service of the Russian Federation" (Collected Legislation of the Russian Federation, 2005, N 6, article 439; 2011, N 4, article 578), Decree of the President of the Russian Federation of May 30, 2005 N 609 "On approval of the Regulations on the personal data of a state civil servant of the Russian Federation and the conduct of his personal file" ( Collection of Legislation of the Russian Federation, 2005, N 23, article 2242; 2008, N 43, article 4921), Decree of the Government of the Russian Federation of March 16, 2009 N 228 "On the Federal Service for Supervision of Communications, Information Technology and Mass Media Communications" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2009, N 12, item 1431; 2010, N 13, item 1502; N 26, item 3350; 2011, N 3, item 542; N 6, item 888; N 14, item 1935; N 21, item 2 965; No. 40, art. 5548; No. 44, Art. 6272; 2012, No. 20, Art. 2540; No. 39, Art. 5270), Decree of the Government of the Russian Federation of November 1, 2012 N 1119 "On approval of requirements for the protection of personal data when they are processed in personal data information systems" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2012, N 45, Art. 6257), Government Decree of the Russian Federation dated July 6, 2008 N 512 "On approval of requirements for material carriers of biometric personal data and technologies for storing such data outside personal data information systems" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2008, N 28, art. 3384), by a decree of the Government of the Russian Federation dated September 15, 2008 N 687 "On approval of the Regulations on the specifics of the processing of personal data carried out without the use of automation tools" (Collected Legislation of the Russian Federation, 2008, N 38, art. 4320), Decree of the Government of the Russian Federation of March 21, 2012 N 211 "On approval of the list of measures aimed at ensuring the fulfillment of the obligations stipulated by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, operators that are state or municipal authorities" (Collection of Legislation of the Russian Federation, 2012, N 14, art. 1626), Decree of the Government of the Russian Federation of September 10, 2009 N 723 "On the procedure for commissioning completed state information systems" (Collection of Legislation of the Russian Federation, 2009, N 37, item 4416; 2012, N 27, item 3753), Decree of the Government of the Russian Federation of January 27, 2009 N 63 "On the provision of federal state civil servants with a one-time subsidy for the purchase of residential premises" (Collected Legislation of the Russian Federation, 2009 , N 6, item 739; N 51, item 6328; 2010, N 9, item 963; N 52, p. T. 7104) (hereinafter - the Decree of the Government of the Russian Federation "On the provision of federal state civil servants with a one-time subsidy for the purchase of housing"), by order of the Government of the Russian Federation of May 26, 2005 N 667-r on approval of the form of the questionnaire to be submitted to government agency a citizen of the Russian Federation who has expressed a desire to participate in the competition for filling a vacant position in the state civil service of the Russian Federation (Collected Legislation of the Russian Federation, 2005, N 22, Art. 2192; 2007, N 43, Art. 5264), by order of the Government of the Russian Federation of October 6 2011 N 1752-r on approval of the list of documents attached by the applicant to the application for registration (re-registration) of the mass media (Collected Legislation of the Russian Federation, 2011, N 41, art. 5789), by order of the FSTEC of Russia, the FSB of Russia, the Ministry of Information and Communications of Russia dated February 13, 2008 N 55/86/20 "On Approval of the Procedure for Classifying Personal Data Information Systems" (registered by the Ministry of Justice of the Russian Federation on April 3, 2008, registration N 11462).

1.4. The processing of personal data in the central office of Roskomnadzor is carried out in compliance with the principles and conditions provided for by this Regulation and the legislation of the Russian Federation in the field of personal data.

II. Conditions and procedure for processing personal data

state civil servants of Roskomnadzor

2.1. Personal data of state civil servants of the central office of Roskomnadzor, heads and deputy heads of territorial bodies of Roskomnadzor (hereinafter - civil servants of Roskomnadzor), citizens applying for positions in the civil service of the central office of Roskomnadzor and heads and deputy heads of territorial bodies of Roskomnadzor (hereinafter - citizens applying for to fill positions in the civil service of Roskomnadzor), persons filling positions of heads of federal government agencies subordinate to Roskomnadzor unitary enterprises, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, are processed in order to ensure personnel work, including for the purpose of assisting civil servants of Roskomnadzor in the performance of public service (persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, in order to facilitate the performance of work), the formation personnel reserve public civil service, training and promotion, accounting for the results of execution by civil servants of Roskomnadzor official duties, ensuring the personal safety of civil servants of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, and their family members, providing civil servants of Roskomnadzor with working conditions established by the legislation of the Russian Federation, guarantees and compensations, safety of their property, as well as in order to counter corruption.

2.2. For the purposes specified in paragraph 2.1 of this Regulation, the following categories of personal data of civil servants of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, as well as citizens applying for positions of managers federal state unitary enterprises subordinate to Roskomnadzor:

2.2.1. surname, name, patronymic (including previous surnames, first names and (or) patronymics, in case of their change);

2.2.2. date, month, year of birth;

2.2.3. Place of Birth;

2.2.4. information about citizenship (including previous citizenships, other citizenships);

2.2.5. type, series, number of the identity document, name of the authority that issued it, date of issue;

2.2.6. address of residence (address of registration, actual residence);

2.2.7. contact phone number or information about other methods of communication;

2.2.8. details of the insurance certificate of state pension insurance;

2.2.9. taxpayer identification number;

2.2.10. details of the compulsory medical insurance policy;

2.2.11. certificate details state registration acts of civil status;

2.2.12. marital status, family composition and information about close relatives (including former ones);

2.2.13. information about labor activity;

2.2.14. information about military registration and details of military registration documents;

2.2.15. information about education, including postgraduate vocational education(name and year of graduation educational institution, name and details of the document on education, qualification, specialty according to the document on education);

2.2.16. information about the academic degree;

2.2.17. ownership information foreign languages, degree of ownership;

2.2.18. medical opinion on prescribed form on the absence of a citizen of a disease that prevents entry into the state civil service or its passage;

2.2.19. the photo;

2.2.20. information on the passage of the state civil service, including: date, grounds for entering the state civil service and appointment to the position of the state civil service, date, grounds for appointment, transfer, transfer to another position of the state civil service, the name of the substituted positions of the state civil service, indicating structural subdivisions, the amount of the salary, the results of certification for compliance with the position being replaced by the state civil service, as well as information about the previous place of work;

2.2.21. information contained in the service contract, additional agreements to a service contract;

2.2.22. information about your stay abroad;

2.2.23. information about the class rank of the state civil service of the Russian Federation (including diplomatic rank, military or special rank, class rank of law enforcement service, class rank of the civil service of a constituent entity of the Russian Federation), qualifying category state civil service (qualification level or class rank of municipal service);

2.2.24. information about the presence or absence of a criminal record;

2.2.25. information about issued permits to state secrets;

2.2.26. state awards, other awards and distinctions;

2.2.27. information about professional retraining and (or) advanced training;

2.2.28. information about annual paid holidays, study holidays and vacations without pay;

2.2.29. information about income, property and liabilities of a property nature;

2.2.30. current account number;

2.2.31. Bankcard number;

2.2.32. other personal data necessary to achieve the goals provided for in paragraph 2.1 of this Regulation.

2.3. The processing of personal data and biometric personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out without the consent of these persons within the framework of the purposes determined by clause 2.1 of this Regulation, in accordance with clause 2 of part 1 of article 6 and part 2 of article 11 federal law"On Personal Data" and the provisions of the Federal Law "On the System of the Public Service of the Russian Federation", the Federal Law "On the State Civil Service of the Russian Federation", the Federal Law "On Combating Corruption", the Labor Code of the Russian Federation.

2.4. Processing of special categories of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out without consent of these persons within the framework of the purposes determined by paragraph 2.1 of this Regulation, in accordance with subparagraph 2.3 of paragraph 2 of part 2 of Article 10 of the Federal Law "On Personal Data" and the provisions of the Labor Code of the Russian Federation, except for cases when personal data of an employee is obtained from a third party (in accordance with with paragraph 3 of Article 86 of the Labor Code of the Russian Federation, it is required written agreement heads of federal state unitary enterprises subordinate to Roskomnadzor and citizens applying for this position).

2.5. The processing of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is subject to obtaining consent specified persons in the following cases:

2.5.1. when transferring (distributing, providing) personal data to third parties in cases not provided for by the current legislation of the Russian Federation on the civil service;

2.5.2. in case of cross-border transfer of personal data;

2.5.3. when making decisions that give rise to legal consequences in relation to these persons or otherwise affect their rights and legitimate interests, based solely on automated processing their personal data.

2.6. In the cases provided for in paragraph 2.5 of these Regulations, the consent of the subject of personal data is formalized in writing, unless otherwise provided by the Federal Law "On Personal Data".

2.7. The processing of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out by the Civil Service Department and personnel of the Department of organizational work of Roskomnadzor (hereinafter referred to as the personnel division of Roskomnadzor) and includes the following actions: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization , blocking, deletion, destruction of personal data.

2.8. Collection, recording, systematization, accumulation and clarification (update, change) of personal data of civil servants of Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out by:

2.8.1. receipt of originals required documents(application, work book, autobiography, other documents submitted to the personnel division of Roskomnadzor);

2.8.2. copying original documents;

2.8.3. entering information into accounting forms (on paper and electronic media);

2.8.4. formation of personal data in the course of personnel work;

2.8.5. entering personal data into the information systems of Roskomnadzor used by the personnel division of Roskomnadzor.

2.9. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data is carried out by obtaining personal data directly from civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, and as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor.

2.10. If it becomes necessary to obtain personal data of a civil servant of Roskomnadzor and persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor from a third party, the civil servant or the person filling the position of the head of a federal state unitary enterprise subordinate to Roskomnadzor should be notified in advance, obtain their written consent and inform them about the purposes, intended sources and methods of obtaining personal data.

2.11. It is forbidden to receive, process and attach to the personal file of a civil servant of Roskomnadzor and a person replacing the position of the head of a federal state unitary enterprise subordinate to Roskomnadzor, personal data that is not provided for in paragraph 2.2 of this Regulation, including those relating to race, nationality, political views, religious or philosophical beliefs , intimate life.

2.12. When collecting personal data, an employee of the personnel division of Roskomnadzor who collects (receives) personal data directly from civil servants of Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for filling the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor is obliged to explain to the specified subjects of personal data the legal consequences of the refusal to provide their personal data.

2.13. Transfer (distribution, provision) and use of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor enterprises, is carried out only in cases and in the manner prescribed by federal laws.

III. Conditions and procedure for processing personal

data of civil servants of the central office

and territorial bodies of Roskomnadzor and persons consisting

with them in relationship (property), in connection with the consideration

issue of a one-time grant

for the purchase of housing

3.1. The central office of Roskomnadzor processes personal data of civil servants of the central office and territorial bodies of Roskomnadzor and persons who are related (property) with them in connection with the consideration of the issue of providing a one-time subsidy for the purchase of residential premises.

3.2. The list of personal data subject to processing in connection with the provision of a one-time subsidy for the purchase of residential premises is determined by the Decree of the Government of the Russian Federation "On the provision of federal state civil servants with a one-time subsidy for the acquisition of residential premises", and includes:

3.2.1. surname, name, patronymic;

3.2.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

3.2.3. address of place of residence (address of permanent registration, address of temporary registration, address of actual place of residence);

3.2.4. information about the composition of the family;

3.2.5. personal data contained in an extract from the house book, copies of the financial personal account, marriage certificates, birth certificates of the child (children), work book, documents confirming the ownership of a civil servant and (or) members of his family of residential premises, except for the residential premises in which they are registered (with the provision, if necessary, of their originals), a document confirming the right to an additional area of \u200b\u200bthe residential premises;

3.2.6. other personal data provided for by the legislation of the Russian Federation.

3.3. The processing of personal data of civil servants of Roskomnadzor upon registration for a lump-sum payment is carried out on the basis of an application from a civil servant submitted to the head of Roskomnadzor to the Roskomnadzor Commission for Consideration of Issues on Registration of Federal Civil Servants in order to receive a lump-sum subsidy for the purchase of residential premises (hereinafter - Commission of Roskomnadzor).

3.4. The processing of personal data of state employees of Roskomnadzor in connection with the provision of a one-time subsidy for the purchase of residential premises, in particular, the collection, recording, systematization, accumulation and clarification (updating, changing) of personal data, is carried out by officials of the central office of Roskomnadzor, who are part of the Roskomnadzor Commission, by :

3.4.1. obtaining the originals of the required documents;

3.4.2. providing duly certified copies of documents.

3.5. The Roskomnadzor Commission has the right to check the information contained in the documents submitted by civil servants of Roskomnadzor on the existence of the conditions necessary for registering a civil servant in order to receive a one-time housing subsidy.

3.6. The transfer (distribution, provision) and use of personal data of civil servants of Roskomnadzor received in connection with the provision of a one-time subsidy for the purchase of residential premises is carried out only in cases and in the manner prescribed by the legislation of the Russian Federation.

IV. Conditions and procedure for processing personal data

entities in connection with the provision of public services

and performance of state functions

4.1. In the central office of Roskomnadzor, the processing of personal data of individuals is carried out in order to provide the following public services and perform public functions:

4.1.1. organizing the reception of citizens, ensuring timely and full consideration of oral and written applications from citizens on issues within the competence of Roskomnadzor;

4.1.2. registration of mass media;

4.1.3. licensing activities for the production of copies of audiovisual works, programs for electronic computers, databases and phonograms on any type of media;

4.1.4. assignment (assignment) of radio frequencies or a radio frequency channel for radio electronic means;

4.1.5. licensing activities in the field of communications;

4.1.6. formation and maintenance of the register of federal state information systems (hereinafter referred to as the FSIS register);

4.1.7. implementation of activities to protect the rights of subjects of personal data.

4.2. Personal data of citizens who applied to the central office of Roskomnadzor in person, as well as those who sent individual or collective written applications or applications in the form electronic document, are processed for the purpose of considering these appeals, followed by notification of the applicants about the results of the consideration.

In accordance with the legislation of the Russian Federation, appeals from citizens of the Russian Federation, foreign citizens and stateless persons are subject to consideration in the central office of Roskomnadzor.

4.3. As part of the consideration of citizens' appeals, the following personal data of applicants are subject to processing:

4.3.1. surname, name, patronymic (the last one, if available);

4.3.2. mailing address;

4.3.3. the address Email;

4.3.4. the contact phone number indicated in the application;

4.3.5. other personal data indicated by the applicant in the appeal (complaint), as well as became known during a personal reception or in the process of considering the received appeal.

4.4. When registering mass media, the following personal data of applicants are processed:

4.4.1. surname, name, patronymic (the last one, if available);

4.4.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

4.4.3. address of the place of residence (address of permanent registration, address of temporary registration, address of actual place of residence);

4.4.4. contact phone number or information about other methods of communication.

4.5. When licensing activities for the production of copies of audiovisual works, programs for electronic computers, databases and phonograms on any type of media, the processing of the following personal data of applicants is carried out:

4.5.1. surname, name, patronymic (the last one, if available);

4.5.2. type, series, number of the identity document;

4.5.3. residence address;

4.5.4. contact phone number and, if available, email address.

4.6. When assigning (assigning) radio frequencies or a radio frequency channel for radio electronic means:

4.6.1. surname, name, patronymic (the last one, if available);

4.6.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

4.6.3. residence address;

4.6.4. contact number;

4.6.5. taxpayer identification number.

4.7. As part of the licensing activities in the field of communications, the following personal data of applicants may be processed:

4.7.1. surname, name, patronymic (the last one, if available);

4.7.2. type, series, number of the identity document;

4.7.3. residence address;

4.7.4. contact phone number and, if available, email address.

4.8. As part of the formation of the FSIS register, the following personal data of applicants are processed:

4.8.1. surname, name, patronymic (the last one, if available);

4.8.2. the name of the position held;

4.8.3. contact phone number, email address.

4.9. As part of the activities to protect the rights of personal data subjects, the processing of the following personal data of applicants is carried out:

4.9.1. surname, name, patronymic (the last one, if available);

4.9.2. type, series, number of the identity document, name of the authority that issued it, date of issue;

4.9.3. postal address of the place of residence;

4.9.4. E-mail address;

4.9.5. phone number;

4.9.6. taxpayer identification number;

4.9.7. information about work activity and details of the work book;

4.9.8. information about education, including postgraduate professional education (name and year of graduation from the educational institution, name and details of the document on education, qualification, specialty according to the document on education).

4.10. The processing of personal data necessary in connection with the provision of public services and the performance of public functions specified in paragraph 4.1 of this Regulation is carried out without the consent of the subjects of personal data in accordance with paragraph 4 of part 1 of Article 6 of the Federal Law "On Personal Data", the Federal Laws "On organization of the provision of state and municipal services", "On the procedure for considering applications from citizens of the Russian Federation", "On licensing certain types of activities", the Law of the Russian Federation "On the mass media" and other regulatory legal acts that determine the provision of public services and the performance of state functions in the established sphere of competence of Roskomnadzor.

4.11. The processing of personal data necessary in connection with the provision of public services and the performance of public functions specified in paragraph 4.1 of this Regulation is carried out by structural units of the central office of Roskomnadzor that provide relevant public services and (or) perform public functions, and includes the following actions: collection , recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

4.12. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data of subjects who applied to the central office of Roskomnadzor to obtain public service or for the purpose of performing a public function, is carried out by:

4.12.1. obtaining the originals of the required documents (application);

4.12.2. certification of copies of documents;

4.12.3. entering information into accounting forms (on paper and electronic media);

4.12.4. entering personal data into the application software subsystems of the Unified Information System of Roskomnadzor.

4.13. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data is carried out by obtaining personal data directly from personal data subjects (applicants).

4.14. When providing a public service or performing a public function, the central office of Roskomnadzor is prohibited from requesting personal data from subjects and third parties, as well as processing personal data in cases not provided for by the legislation of the Russian Federation.

4.15. When collecting personal data, the authorized executive structural unit the central office of Roskomnadzor, which receives personal data directly from personal data subjects who have applied for the provision of a public service or in connection with the performance of a public function, is obliged to explain to the said personal data subjects the legal consequences of refusing to provide personal data.

4.16. Transfer (distribution, provision) and use of personal data of applicants (subjects of personal data) by the central office of Roskomnadzor is carried out only in cases and in the manner prescribed by federal laws.

V. The procedure for processing personal data of subjects

personal data in information systems

5.1. The processing of personal data in the central office of Roskomnadzor is carried out:

5.1.1. In the "Information system of personal data of Roskomnadzor";

5.1.2. At the automated workplaces certified for the processing of personal data that are part of the "Unified Information System of Roskomnadzor";

5.1.3. In the information system "1C: Enterprise 8";

5.1.4. At automated workplaces of employees of the personnel division of Roskomnadzor.

5.2. The "Roskomnadzor Personal Data Information System" (hereinafter - Roskomnadzor ISPD) contains personal data of civil servants of Roskomnadzor, subjects (applicants) who applied to Roskomnadzor in order to receive public services or in connection with the performance of public functions, and includes:

5.2.1. personal identifier;

5.2.2. surname, name, patronymic of the subject of personal data;

5.2.3. type of document proving the identity of the subject of personal data;

5.2.4. the series and number of the document proving the identity of the subject of personal data, information on the date of issue of the said document and the authority that issued it;

5.2.5. address of the place of residence of the subject of personal data;

5.2.6. postal address of the subject of personal data;

5.2.7. contact phone, fax (if available) of the subject of personal data;

5.2.8. e-mail address of the subject of personal data;

5.2.9. TIN of the subject of personal data.

5.3. Certified in accordance with the legislation of the Russian Federation for the processing of personal data, automated workstations that are part of the "Roskomnadzor Unified Information System" (hereinafter referred to as the ARM UIS of Roskomnadzor) include personal data of subjects received by employees of the central office of Roskomnadzor as part of the provision of public services and the execution of public features and include:

5.3.1. personal identifier;

5.3.2. address of the place of residence of the subject of personal data;

5.3.3. postal address of the subject of personal data;

5.3.4. phone number of the subject of personal data;

5.3.5. fax of the subject of personal data;

5.3.6. e-mail address of the subject of personal data.

5.4. The information system "1C: Enterprise 8" and the application software subsystems "AKSIOK" and "1C Accounting" contain personal data of civil servants of the central office of Roskomnadzor and individuals who are parties to civil law contracts concluded by the central office of Roskomnadzor, and includes:

5.4.1. surname, name, patronymic of the subject of personal data;

5.4.2. date of birth of the subject of personal data;

5.4.3. place of birth of the subject of personal data;

5.4.4. the series and number of the main document proving the identity of the subject of personal data, information about the date of issue of the said document and the authority that issued it;

5.4.5. address of the place of residence of the subject of personal data;

5.4.6. postal address of the subject of personal data;

5.4.7. phone number of the subject of personal data;

5.4.8. TIN of the subject of personal data;

5.4.9. personnel number of the subject of personal data;

5.4.10. position of the subject of personal data;

5.4.11. order number and date of employment (dismissal) of the subject of personal data.

5.5. Automated workplaces of employees of the personnel division of Roskomnadzor involve the processing of personal data of civil servants of Roskomnadzor, provided for in clause 2.2 of this Regulation.

5.6. Classification of personal data information systems specified in paragraph 5.1 of this Regulation is carried out in the manner established by law Russian Federation.

5.7. Civil servants of structural divisions of the central office of Roskomnadzor, who have the right to process personal data in the information systems of the central office of Roskomnadzor, are provided with a unique login and password to access the relevant information system of Roskomnadzor. Access is provided to application software subsystems in accordance with the functions provided for by the job regulations of civil servants of Roskomnadzor.

Information can be entered both automatically, upon receipt of personal data from single portal public services or the official website of Roskomnadzor, and in manual mode, upon receipt of information on paper or in another form that does not allow its automatic registration.

5.8. Ensuring the security of personal data processed in the information systems of personal data of the central office of Roskomnadzor is achieved by eliminating unauthorized, including accidental, access to personal data, as well as taking the following security measures:

5.8.1. identification of threats to the security of personal data during their processing in information systems of personal data of the central office of Roskomnadzor;

5.8.2. application of organizational and technical measures to ensure the security of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor, necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;

5.8.3. application of procedures for assessing the conformity of information security tools that have passed in the prescribed manner;

5.8.4. assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

5.8.5. accounting of machine carriers of personal data;

5.8.6. detection of facts of unauthorized access to personal data and taking measures;

5.8.7. recovery of personal data, modified or deleted, destroyed due to unauthorized access to them;

5.8.8. establishing rules for access to personal data processed in the information systems of personal data of the central office of Roskomnadzor, as well as ensuring the registration and accounting of all actions performed with personal data in the information systems of personal data of the central office of Roskomnadzor;

5.8.9. control over the measures taken to ensure the security of personal data and the levels of security of personal data information systems.

5.9. Structural division of Roskomnadzor responsible for providing information security in the central office of Roskomnadzor, organizes and controls the accounting of material carriers of personal data.

5.10. The structural subdivision of the central office of Roskomnadzor, responsible for ensuring the security of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor, must ensure:

5.10.1. timely detection of facts of unauthorized access to personal data and immediate communication of this information to the person responsible for organizing the processing of personal data in the central office of Roskomnadzor and the head of Roskomnadzor;

5.10.2. prevention of impact on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;

5.10.3. the possibility of recovering personal data modified or destroyed due to unauthorized access to them;

5.10.4. constant monitoring of ensuring the level of protection of personal data;

5.10.5. knowledge of and compliance with the conditions for the use of information security tools provided for by operational and technical documentation;

5.10.6. taking into account the means of information protection, operational and technical documentation to them, carriers of personal data;

5.10.7. upon detection of violations of the procedure for providing personal data, immediate suspension of the provision of personal data to users of the personal data information system until the causes of violations are identified and these causes are eliminated;

5.10.8. investigation and drawing up conclusions on the facts of non-compliance with the conditions of storage of material carriers of personal data, the use of information security tools that may lead to a violation of the confidentiality of personal data or other violations leading to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations .

5.11. The structural subdivision of the central office of Roskomnadzor, responsible for ensuring the functioning of personal data information systems in the central office of Roskomnadzor, takes all necessary measures to restore personal data, modified or deleted, destroyed due to unauthorized access to them.

5.12. The exchange of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor is carried out through communication channels, the protection of which is ensured by implementing the appropriate organizational measures and through the use of software and hardware.

5.13. The access of civil servants of Roskomnadzor to personal data located in the information systems of personal data of the central office of Roskomnadzor provides for the mandatory passage of the identification and authentication procedure.

5.14. In case of violations of the procedure for processing personal data in the information systems of personal data of the central office of Roskomnadzor, authorized officials immediately take measures to establish the causes of violations and eliminate them.

VI. Processing of personal data within the framework

interdepartmental information exchange

using unified system interdepartmental

electronic interaction

6.1. Roskomnadzor, in accordance with the legislation of the Russian Federation, processes personal data within the framework of interdepartmental electronic information exchange in in electronic format with federal authorities state power using a unified system of interdepartmental electronic interaction (hereinafter - SMEV).

6.2. Roskomnadzor, within the framework of SMEV, on the basis of interdepartmental requests received, sends information, including personal data of subjects processed in the central office of Roskomnadzor, to the following federal authorities executive power:

6.2.1. to the Federal Communications Agency - last name, first name, patronymic, taxpayer identification number of the owner of the license to carry out activities for the provision of communication services;

6.2.2. to the Ministry of Internal Affairs of the Russian Federation - the surname, name, patronymic, taxpayer identification number of the owner of the permit for the use of radio frequencies;

6.2.3. to the Federal Agency for Press and Mass Communications, the Federal customs service- surname, name, patronymic of the founder of the mass media.

6.3. Roskomnadzor within the framework of SMEV has the right to send interdepartmental requests for information, including personal data of subjects, to the following federal executive authorities:

6.3.1. to the Federal tax service- on providing information from the Unified State Register of Legal Entities and the Unified State Register individual entrepreneurs(information about the founders - individuals);

6.3.2. in Federal Service state registration, cadastre and cartography - on the provision of information from the Unified State Register of Rights to Real Estate in relation to right holders (last name, first name, patronymic, date of birth, series and number of the main identity document, place of birth, address of residence, citizenship);

6.3.3. to the Ministry of the Russian Federation for Civil Defense Affairs, emergencies and elimination of consequences of natural disasters - on providing the surname, name, patronymic of the shipowner.

6.4. The processing of personal data is also carried out by Roskomnadzor in the implementation of electronic interaction with the federal state unitary enterprises of the radio frequency service subordinate to Roskomnadzor within the framework of the powers provided for by the legislation of the Russian Federation.

VII. Terms of processing and storage of personal data

7.1. The terms for processing and storing personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, are determined in in accordance with the legislation of the Russian Federation. Taking into account the provisions of the legislation of the Russian Federation, the following terms for processing and storing personal data of civil servants are established:

7.1.1. Personal data contained in orders for the personnel of Roskomnadzor civil servants (on admission, on transfer, on dismissal, on the establishment of allowances) are subject to storage in the personnel division of Roskomnadzor for two years, with the subsequent formation and transfer of these documents to the archive of the central office of Roskomnadzor or state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.

7.1.2. Personal data contained in the personal files of civil servants of Roskomnadzor (copies of personal files of heads of territorial bodies of Roskomnadzor) and heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as personal cards of civil servants of Roskomnadzor, are stored in the personnel division of Roskomnadzor for ten years, with subsequent formation and transfer of the specified documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.

7.1.3. Personal data contained in orders for incentives, material assistance to civil servants of Roskomnadzor are subject to storage for two years in the personnel division of Roskomnadzor with the subsequent formation and transfer of these documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.

7.1.4. Personal data contained in vacation orders, short-term domestic and foreign business trips, disciplinary action civil servants of Roskomnadzor are subject to storage in the personnel division of Roskomnadzor for five years with subsequent destruction.

7.1.5. Personal data contained in the documents of applicants for a vacant civil service position in the central office of Roskomnadzor who were not allowed to participate in the competition, and candidates who participated in the competition, are stored in the personnel department of Roskomnadzor for 3 years from the date of completion of the competition, after which they are subject to destruction .

7.2. The terms for processing and storing personal data provided by personal data subjects to the central office of Roskomnadzor in connection with the receipt of public services and the performance of public functions specified in paragraph 4.1 of this Regulation are determined by regulatory legal acts regulating the procedure for their collection and processing.

7.3. Personal data of citizens who applied to the central office of Roskomnadzor in person, as well as those who sent individual or collective written applications or applications in the form of an electronic document, are stored for five years.

7.4. Personal data provided by subjects on paper in connection with the provision of public services by the central office of Roskomnadzor and the performance of government functions are stored on paper in the structural divisions of the central office of Roskomnadzor, whose powers include the processing of personal data in connection with the provision of a public service or the performance of a public function , in accordance with approved regulations on the relevant structural subdivisions of the central office of Roskomnadzor.

7.5. Personal data during their processing carried out without the use of automation tools should be separated from other information, in particular by fixing them on different material carriers of personal data, in special sections or on the fields of forms (forms).

7.6. It is necessary to ensure the separate storage of personal data on different material media, the processing of which is carried out for various purposes defined by this Regulation.

7.7. Control over the storage and use of physical media of personal data, which does not allow unauthorized use, clarification, distribution and destruction of personal data located on these media, is carried out by the heads of structural divisions of the central office of Roskomnadzor.

7.8. The period of storage of personal data entered into the personal data information systems of Roskomnadzor specified in clause 5.1 of this Regulation must correspond to the period of storage of paper originals.

VIII. The procedure for the destruction of personal data

when the purposes of processing are achieved or when

other legal grounds

8.1. The structural subdivision of the central office of Roskomnadzor, responsible for document circulation and archiving, systematically controls and allocates documents containing personal data with expired storage periods and subject to destruction.

8.2. The issue of the destruction of selected documents containing personal data is considered at a meeting of the Central Expert Commission of Roskomnadzor (hereinafter referred to as the CEC of Roskomnadzor), the composition of which is approved by order of Roskomnadzor.

Based on the results of the meeting, a protocol and an Act on the allocation of documents for destruction, an inventory of the destroyed cases are drawn up, their completeness is checked, the act is signed by the chairman and members of the CEC of Roskomnadzor and approved by the head of Roskomnadzor.

8.3. The central office of Roskomnadzor, in accordance with the procedure established by the legislation of the Russian Federation, determines a contracting organization that has the necessary production base to ensure the established procedure for the destruction of documents. An official of the central office of Roskomnadzor responsible for archival activities accompanies documents containing personal data to the contractor's production base and is present during the procedure for destroying documents (burning or chemical destruction).

8.4. Upon completion of the destruction procedure, the contractor and the official of the central office of Roskomnadzor responsible for archival activities draw up an appropriate Act on the destruction of documents containing personal data.

8.5. Destruction at the end of the period for processing personal data on electronic media is carried out by mechanically violating the integrity of the media, which does not allow reading or restoring personal data, or by deleting from electronic media by methods and means of guaranteed removal of residual information.

IX. Consideration of requests from personal data subjects

or their representatives

9.1. Civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor and who have submitted documents for participation in the competition, persons filling positions of heads of directors of federal state unitary enterprises subordinate to Roskomnadzor, citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, civil servants of the central office and territorial bodies of Roskomnadzor and persons related to them (property), who applied for a one-time subsidy for the purchase of housing, as well as citizens whose personal data is processed in the central office of Roskomnadzor in connection with the provision of public services and the implementation public functions, have the right to receive information regarding the processing of their personal data, including information containing:

9.1.1. confirmation of the fact of personal data processing in the central office of Roskomnadzor;

9.1.2. legal grounds and purposes of personal data processing;

9.1.3. methods of processing personal data used in the central office of Roskomnadzor;

9.1.4. the name and location of the central office of Roskomnadzor, information about persons (with the exception of civil servants of the central office of Roskomnadzor) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the central office of Roskomnadzor or on the basis of federal law;

9.1.5. processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the provision of such data is provided by federal law;

9.1.6. terms of processing personal data, including the terms of their storage in the central office of Roskomnadzor;

9.1.7. the procedure for the exercise by the subject of personal data of the rights provided for by the legislation of the Russian Federation in the field of personal data;

9.1.8. information about the completed or proposed cross-border data transfer;

9.1.9. the name of the organization or the surname, name, patronymic and address of the person processing personal data on behalf of the central office of Roskomnadzor, if the processing is or will be entrusted to such an organization or person;

9.1.10. other information provided for by the legislation of the Russian Federation in the field of personal data.

9.2. The persons specified in paragraph 9.1 of this Regulation (hereinafter referred to as personal data subjects) have the right to demand from the central office of Roskomnadzor the clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.

9.3. The information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of this Regulation must be provided to the subject of personal data by the operator in an accessible form, and they should not contain personal data related to other subjects of personal data, unless legal grounds to disclose such personal data.

9.4. The information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of this Regulation is provided to the subject of personal data or his representative by an authorized official of the structural unit of the central office of Roskomnadzor that processes the relevant personal data when applying or upon receipt of a request from the subject of personal data or his representative . The request must contain:

9.4.1. number of the main document proving the identity of the subject of personal data or his representative, information on the date of issue of the said document and the authority that issued it;

9.4.2. information confirming the participation of the subject of personal data in legal relations with the central office of Roskomnadzor by the operator (a document confirming the acceptance of documents for participation in the competition for substitution vacancies state civil service, the provision by the central office of Roskomnadzor of a public service or the exercise of a state function), or information otherwise confirming the fact of processing personal data in the central office of Roskomnadzor, the signature of the subject of personal data or his representative. The request can be sent in the form of an electronic document and signed electronic signature in accordance with the legislation of the Russian Federation.

9.5. If the information specified in sub-clauses 9.1.1 - 9.1.10 of clause 9.1 of these Regulations, as well as the personal data being processed were provided for review to the subject of personal data at his request, the subject of personal data has the right to apply again to the central office of Roskomnadzor or send a second request for the purpose of obtaining the specified information and familiarization with such personal data no earlier than thirty days after the initial request or sending the initial request, unless a shorter period is established by federal law, a regulatory legal act adopted in accordance with it or an agreement to which a party or beneficiary or the guarantor for which the subject of personal data is.

9.6. The subject of personal data has the right to apply again to the central office of Roskomnadzor or send a second request in order to obtain the information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of these Regulations, as well as in order to familiarize themselves with the processed personal data before the expiration of the period specified in paragraph 9.5 of this Regulation, if such information and (or) processed personal data were not provided to him for review in full based on the results of consideration of the initial application. A repeated request, along with the information specified in paragraph 9.4 of this Regulation, must contain the rationale for sending a repeated request.

9.7. The central office of Roskomnadzor (an authorized official of the central office of Roskomnadzor) has the right to refuse the subject of personal data to fulfill a repeated request that does not meet the conditions provided for in clauses 9.5 and 9.6 of these Regulations. Such refusal must be motivated.

9.8. The right of the subject of personal data to access his personal data may be limited in accordance with federal laws, including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.

X. Person responsible for organizing the processing

personal data in the central office of Roskomnadzor

10.1. The person responsible for organizing the processing of personal data in the central office of Roskomnadzor (hereinafter - the person responsible for the processing of personal data in Roskomnadzor) is appointed by the head of Roskomnadzor from among civil servants belonging to the highest and (or) main group of positions of the category "heads" of the central office of Roskomnadzor in accordance with the distribution responsibilities.

10.2. The person responsible for the processing of personal data of Roskomnadzor in his work is guided by the legislation of the Russian Federation in the field of personal data and this Regulation.

10.3. The person responsible for the processing of personal data of Roskomnadzor is obliged to:

10.3.1. organize the adoption of legal, organizational and technical measures to ensure the protection of personal data processed in the central office of Roskomnadzor from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;

10.3.2. realize internal control for the observance by civil servants of the central office of Roskomnadzor of the requirements of the legislation of the Russian Federation in the field of personal data, including the requirements for the protection of personal data;

10.3.3. bring to the attention of civil servants of the central office of Roskomnadzor the provisions of the legislation of the Russian Federation in the field of personal data, local acts on the processing of personal data, requirements for the protection of personal data;

10.3.4. organize the reception and processing of applications and requests from personal data subjects or their representatives, as well as to monitor the receipt and processing of such applications and requests in the central office of Roskomnadzor;

10.3.5. in the event of a violation in the central office of Roskomnadzor of the requirements for the protection of personal data, take the necessary measures to restore the violated rights of personal data subjects.

10.4. The person responsible for the processing of personal data has the right to:

10.4.1. have access to information regarding the processing of personal data in the central office of Roskomnadzor and including:

10.4.1.1. the purposes of processing personal data;

10.4.1.4. legal grounds for the processing of personal data;

10.4.1.5. a list of actions with personal data, a general description of the methods of processing personal data used in the central office of Roskomnadzor;

10.4.1.6. a description of the measures provided for by Articles 18.1 and 19 of the Federal Law "On Personal Data", including information on the availability of encryption (cryptographic) means and the names of these means;

10.4.1.7. date of commencement of personal data processing;

10.4.1.8. the term or conditions for terminating the processing of personal data;

10.4.1.9. information about the presence or absence of cross-border transfer of personal data in the process of their processing;

10.4.1.10. information on ensuring the security of personal data in accordance with the requirements for the protection of personal data established by the Government of the Russian Federation;

10.4.2. involve in the implementation of measures aimed at ensuring the security of personal data processed in the central office of Roskomnadzor, other civil servants of the central office of Roskomnadzor with the assignment of appropriate duties and responsibility to them.

10.5. The person responsible for the processing of personal data in the central office of Roskomnadzor is responsible for the proper performance of the assigned functions for organizing the processing of personal data in the central office of Roskomnadzor in accordance with the provisions of the legislation of the Russian Federation in the field of personal data.

Publication time: 02/06/2018 16:03
Last modified: 06.02.2018 16:05