Changes in Personal Data Regulations

This year, changes in the legislation also affected the Law No. 152 on the protection of personal data. To prevent illegal collection and dissemination of personal data on various websites, new rules have been developed that will regulate and protect publicly available personal data.

1. The “general” consent to the processing of personal data is canceled - now it is necessary to obtain a separate consent to the processing and a separate consent to the dissemination of each type of personal data (separately for the full name, phone number, mail, date of birth and others). Thus, when filling out feedback forms on any websites, separate questions should appear for each type of information with the possibility of a direct answer to it. At the same time, the new rules do not require re-issuing the consent already received for the processing of personal data.
2. It is prohibited to process personal data that are posted by the subject themselves in a public place (for example, in social networks, resume). Now, in order to use this data, a separate consent must be obtained.
3. Within 3 days after the consent is received, the operator is obliged to publish on its website information on the processing conditions and on the existence of prohibitions and conditions for the processing of personal data by an unlimited number of persons.
4. It will be possible to obtain consent using a new form with the help of the information system, which is now being developed and approved by Roskomandzor
5. Personal data subjects are granted the right to revoke their consent in whole or in certain categories, as well as the right to prohibit the use of their personal data to any resource without providing evidence of unlawful use. The operator has 3 working days to fulfill such a requirement, otherwise the subject may go to court to bring the operator to responsibility.

At the same time, in accordance with the new rules, liability for violation of personal data protection legislation was toughened:

Firstly, such type of punishment as “warning” is canceled. Now, for any violation in this area, only fines are provided.

Secondly, higher fines are imposed for repeated violations. If a company violates the law on the protection of personal data for the first time, it will have to pay a fine in amount of 60,000 to 100,000 rubles, and for a repeated violation - from 100,000 to 300,000 rubles.

And, thirdly, the limitation period for bringing to administrative responsibility has increased from 3 months to 1 year.

Shall you have any questions regarding the legality of the processing and distribution of personal data, feel free contact TEAM!