Changes are planned in FZ-152
On the site of regulation.gov.ru appeared and already passed June 25, 2018, the end of the public discussion two interesting projects:
- Draft Federal Law “On Amendments to Certain Legislative Acts of the Russian Federation (in terms of clarifying the principles of processing personal data in state information systems)”
- Draft Federal Law “On Amendments to Article 13.11 of the Code of Administrative Offenses of the Russian Federation”
The interesting thing about these projects is that they are going to make changes in the Federal Law 152 “On Personal Data” and the “Administrative Code”, which is already suggestive.
So, let's not invent anything, but just quote:
"one. Part 5 of Article 6 shall be supplemented with the following paragraphs:That is, if you are a PD operator and at the same time entrust the processing of PD to someone else, then you must also exercise some proper control over the person who was assigned to handle the PD. Here, of course, it is not entirely clear, and who will let you delve into the same papers? Climb to information systems?
“The operator who entrusted the processing of personal data to another person shall be responsible for exercising proper control over the actions of another person in accordance with the legislation of the Russian Federation.
The procedure for the operator to control the actions of the person processing personal data on his instructions shall be established by the operator independently. ”
Another question, to the paragraph below, nobody developed the order of control, the operator must establish it himself! At the same time, the order should be “proper”, and who should evaluate this?
Put the question in another plane - the human resources that will be required for such control. Those. the person who came for example for 1C to the SaaS-providerWell, in order to make it faster / easier / cheaper there, should I now have a person on my staff who will develop an "Order for the operator to control the actions of a person ..." and then implement it? On the other hand, one thousand of his clients who want to exercise their right to “proper control” each of them will also have fun at the SaaS provider, how many additional resources will be needed for this?
In general, some puzzles. We also remember about the “Administrative Code”, which also changes? Perhaps we quote almost the entire text:
Article 13.11 of the Code of Administrative Offenses of the Russian Federation (Collection of Legislation of the Russian Federation, 2002, No. 1, Article 1; 2007, No. 26, Article 3089; 2017, No. 7, Article 1032), add in parts 8 and 9 to read as follows:
“ eight. Failure by the operator to fulfill the duty of exercising proper control over the actions of the person processing personal data as instructed by the operator, as provided for by the legislation of the Russian Federation,
shall entail a warning or imposition of an administrative fine on citizens in the amount of one thousand to two thousand rubles; on officials - from three thousand to six thousand rubles; for individual entrepreneurs - from five thousand to ten thousand rubles; on legal entities - from ten thousand to thirty thousand rubles.
9. Violation by a person who processes personal data on behalf of the operator of the requirements of the Russian legislation in the field of personal data -
shall entail the imposition of an administrative fine on the operator who instructed this person to process personal data: on citizens in the amount of from three thousand to five thousand rubles; on officials - from five thousand to fifteen thousand rubles; for individual entrepreneurs - from ten thousand to twenty thousand rubles; on legal entities - from fifteen thousand to thirty thousand rubles. "
As they say, hello to operators! - up to 30 thousand fine.
Handlers - the same amount.
Hope dies last, and it’s too early to make a panic, maybe everything will be reduced to the dialogue between the operator and the handler:
- Are you observing?
- The proper control is over.
For those who are interested to get acquainted with the full texts of these projects, I can find them through the links:
- On Amendments to Certain Legislative Acts of the Russian Federation (in terms of clarifying the principles of processing personal data in state information systems)
- On Amendments to Article 13.11 of the Code of Administrative Offenses of the Russian Federation
Follow the link to download our White Paper on Federal Law No. 152 .
This is a book that was published to help eliminate confusion in the processing of personal data and clearly describe the process of bringing personal data to IP in accordance with the laws of Russia. The topic is revealed from scratch. It helps to meet the needs of a wide range of readers.