Few Mistakes & Misconceptions When Working With PD
Storage Of Extra Documents
Only a defined list of employee documents can be stored in the company (part 5 of article 5 of the Federal Law of July 27, 2006, No. 152-FZ); all other papers should be destroyed or returned to the employee after use. A fine may be imposed on the company if supplementary documents are found when personal files are checked.
An Order To Appoint A Person Responsible For PD Processing Was Drawn Up Incorrectly; There Is No List Of Persons With Access To Data
An employee who will work with personal data must maintain the confidentiality of information to which he has access. A common mistake when issuing an order is the lack of a list of requirements for protecting personal data. You can get a warning or a fine for the incorrect preparation of the document. It is also essential to draw up an order indicating all employees who may have access to PD.
Notification For Roskomnadzor Is Incorrect Or Missing
According to paragraph 1 of Art. 22 152-FZ, companies must notify Roskomnadzor of the processing of personal data. Companies often skip this step on the assumption that they process data only within the framework of labor legislation; however, that legislation does not cover all the nuances of working with PD.
Popular Misconceptions When Working With PD
Now let’s talk about common misconceptions:
The Check Is A Long Way Off; When There Is Free Time, We’ll Figure It Out
If you don’t think something is important enough, there’s never time for it. As a result, the problem will have to be solved at the last moment, and haste is fraught with errors. It is easy to miss something important and then get fines and orders.
It is better to properly organize work with PD and keep all documents in order. Then even an unexpected check will not take you by surprise.
To Comply With Legal Requirements, You Can Download Document Templates Online And Send A Notification To Roskomnadzor
The laws regulating the work with personal information affect only a part of the documents: consent to the processing, processing policy, determining the level of security, the regulation on the processing of employees’ data, and the threat model. Art. 18.1 152-FZ includes rather vague definitions, so it is not always clear what exactly needs to be done, at least for minimum compliance. If not all documents are submitted to Roskomnadzor, you can quickly get a fine of up to 130,000 rubles.
In addition, PD operators must take technical protection measures. Cloud4Y experts will tell you which measures are necessary for your company and how to minimize costs.