Legal support of personal data protection and processing
Personal data is any information relating to directly or indirectly determined or determined by an individual (the subject of personal data). In accordance with the Russian legislation, the personal data operator is a state body, a municipal body, a legal entity or an individual, organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, independently or together with other persons, actions (operations) performed with personal data.
Thus, almost any legal entity that has employees in its staff, or an individual entrepreneur entering into contracts with individuals, as well as collecting or processing personal data due to other reasons will act as personal data operators.
The operator is obliged to provide the subject of personal data with information about the operator, as well as the objectives and legal basis for the processing of personal data. In addition, the operator of personal data, prior to their processing, is obliged to send a notification to the Federal Service for Supervision of Communications, Information Technology, and Mass Media.
The legislation on the protection of personal data establishes the following measures, which are required to take the operator to perform their duties:
- appointment of a person responsible for organizing the processing of personal data;
- publication of documents defining the policy of the operator in relation to the processing of personal data and local acts (if the operator is a legal entity);
- application of legal, organizational and technical measures to ensure the security of personal data;
- implementation of internal control and (or) audit of compliance of personal data processing with the legislation on personal data;
- assessment of the harm that may be caused to the subjects of personal data in case of violation of the law on personal data;
- familiarization of the operator's employees, who directly process personal data, with the provisions of the legislation of the Russian Federation on personal data.
Moreover, Article 13.11 of the Code on Administrative Offenses of the Russian Federation establishes various measures of responsibility for various types of violations by the operator of the requirements of the legislation on the protection of personal data.
Thus, the implementation of the above measures by the operator, as well as protection from the consequences of possible violations of personal data laws, require the preparation of a substantial number of documents necessary for legal support of the operator’s activities.
The Russian legislation on personal data does not establish an exhaustive list of documents necessary for the operator to carry out its activities. Nevertheless, competent study and documenting of all the nuances associated with the activity of the operator of personal data improves the quality of his work and reduces the risks of bringing to administrative responsibility.
The specialists of BRACE Law Firm provide the following legal support services in the field of personal data protection:
- due diligence (comprehensive verification) of compliance with the law on personal data with the development of recommendations;
- development and legal expertise of provisions on the protection and processing of personal data;
- analysis of the mode of processing and protection of personal data for compliance with the General Data Protection Regulation (GDPR);
- drafting orders on appointing a person responsible for the processing of personal data/on the formation of a commission, carrying out an internal audit of compliance with legislation on the protection of personal data and bringing local legal acts in accordance with applicable law, as well as developing a provision on such a commission;
- development of regulations for the registration, storage and destruction of personal data received by the operator;
- preparation of the form of such documents as consent of the subject of personal data to the processing of personal data, confidentiality agreements obtained during the processing of personal data information, the form of the journal familiarizing employees with the provisions on the protection and processing of personal data;
- preparation of a notice to the Federal Service for Supervision of Communications, Information Technology, and Mass Media on the processing of personal data with a representation of the interests of the applicant in the specified authority;
- representing the interests of personal data operators in the event of bringing them to responsibility for violations of the law in the field of personal data processing.
- Drafting and legal expertise of contracts according to Russian law
- Legal protection of confidential information according to Russian law
- Drafting documents aimed at compliance with anti-corruption legislation
- Legal support of foreign companies in Russia
- Preparation and alignment with the law internal policies and other local acts according to Russian law
- Legal support of online trading
- Legal support of product promotion and advertising campaigns