Processing of Personal Data. 
What’s new? 
by Anton Kabakov 
Hellevig, Klein & Usov 
November 21, 2014 
From 1.1.2015 all Russian citizens’ 
personal data should be stored 
only in Russia!
Amendments to the law: 
Russian citizens’ personal 
data need to be recorded, 
compiled, stored, refined 
(updated, modified), extracted 
using databases located in 
Russia with certain 
exceptions.
1. What is considered to be “personal data” and what is 
not? 
2. Is it currently allowed to transfer personal data abroad? 
3. What are the changes to the law and what do they really 
state? 
4. When are these changes expected to come into force?
• Russian definition of "personal data" is "broad" and borrowed from European Union law

Russia
(Art. 3 (1)(1) of the Federal Law On Personal Data dated July 27, 2006)
Any information related to a directly or indirectly identified or identifiable natural person.

European Union
(Art. 2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
Any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity.

Which data are sufficient to identify a person?
• Vadim Ampelonsky (official representative of state controlling body - Roskomnadzor): "The minimum set of personal data necessary for the identification of the person is a combination of the first and last name and photograph of the subject”. (http://lenizdat.ru/articles/1124854/).
• Physiological and biological features of a person on the basis of which one can identify him (Part 1, Art. 11 of the Law On Personal Data).
• Can a person be identified by the IP-address of his computer, his e-mail account, or Skype account?
Mr. Homer Jay Simpson, Safety Inspector at the Springfield Nuclear Power Plant
Information considered to be personal data identifying a person:
• Passport data
• Fingerprinting information
• Name together with photograph
• Name together with the date of birth, and information about the parents and their dates of birth
Information not sufficient to identify a person and not considered personal data:
• Solely the name or registered address of the person
• Blood group, etc.
• Nationality
Kinds of personal data.
• Public
• Biometric
• Special ("sensitive"), i.e., data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health, private life
• Depersonalized? Is it still personal data if the natural person is no longer identifiable?
NEW REGULATION WILL APPLY TO ALL KINDS OF PERSONAL DATA
Law On Personal Data: 
Cross-border transfer of personal data to foreign states that are parties to 
the Convention for the Protection of Individuals with regard to Automatic 
Processing of Personal Data, as well as other foreign countries ensuring 
adequate protection of the rights of subjects of personal data is carried out 
in accordance with this federal law, and may be prohibited or limited in 
order to protect the constitutional system of the Russian Federation, 
morality, health, rights and lawful interests of citizens, national defense 
and state security. 
Convention on the Protection of Individuals with regard to 
Automatic Processing of Personal Data: 
A party shall not prohibit or subject to special authorization cross-border 
flows of personal data going to the territory of another party, for the sole 
purpose of protecting privacy.
Sure, if personal data is transferred to foreign countries:
a) Parties to the Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data (which Russia is a party to) OR
b) Ensuring adequate protection of the rights of the subjects of the personal data OR
c) Any of the countries with the written consent of the individual
Exceptions: Race, political opinion, religious convictions or other beliefs, health or private life, criminal record.
Ministry of Labor guidelines
Amendments to Administrative Offenses and Criminal Codes
Russian citizens’ personal data will need to be recorded, compiled, stored, refined (updated, modified), extracted using databases located in Russia.
Companies will be required to notify the state agency of the location of the database with personal data.
State authorities will be entitled to block the site violating the law On Personal Data.
• When are these changes expected to come into force?
• Who falls under its scope? Territorial or extraterritorial principle of operation of the new law?
• Are all categories of personal data of Russian citizens (public, biometric, special) prohibited from being stored using a database located abroad?
• Will it not be possible to store personal data abroad, duplicating it on the Russian databases (mirrors)?
• If personal data is stored on a mobile device (phone, laptop), how to comply with the requirement to keep it in Russia?
Personal data may be recorded and stored abroad in cases where processing of personal data is necessary for, inter alia: achieving the goals of an international treaty of the Russian Federation or the law, for fulfillment of operator’s obligations / function set out by law
Does this mean that mandatory HR information may be stored abroad as previously?
If data is transferred cross border, apparently it 
will be stored abroad. 
As long as cross-border transfer of personal data 
is allowed, there could be no prohibition to 
store data abroad. 
It is possible to have solely mirror-databases in Russia
Questions and responses
Question: How do the restrictions correlate with the Convention of the Council of Europe?
Response: Opinion of Roskomnadzor:
- Personal data may be transmitted abroad. After use it must be deleted;
- Personal data may not be stored abroad.
Question: Can personal data be stored in Russia and abroad?
Response: Opinion of presidential administration: No. It must be stored only in Russia.
Question: Can one store depersonalized personal data abroad?
Response: Technically, yes.
A public authority may require the hosting 
provider to block the site on the basis of a 
court decision. 
Fine on the offending company of up to RUB 
10,000 
Court rules that site violates Law on Personal Data
Individual files a claim together with the court decision to state agency
State agency sends notice to hosting provider
Hosting provider sends notice to owner of resource
Owner of resource must remove the violation
Hosting provider limits access
Obtaining explanations
Application of a disciplinary sanction
Owner of resource removes violation / Court cancels earlier decision
Owner of resource or hosting provider contacts state agency
State agency opens access
Application of a disciplinary sanction
American and European models of cross-border transfer of personal data
The Russian model for cross-border transfer of personal data leans toward that of the EU.

USA
• There are no restrictions on cross-border transfer of personal data
• Is not a country that provides the appropriate level of protection of personal data from the EU perspective
• Safe Harbor Regulations

European Union
• Cross-border transfer of personal data is allowed only in countries that ensure an adequate level of protection of these data
• Requirements for the cross-border transfer of personal data can be applied to their subsequent transfer (art. 40 of the Proposal for a General Data Protection Regulation)
• Planned transition from territorial to extraterritorial model (item 19 of the Preamble of the Proposal for a General Data Protection Regulation)
Recommendation:
• Notify state authorities of personal data processing. If the company plans to process personal data, we recommend that prior to the entry into force of the law it notify the state authority. In that case, it does not need to specify the location of the databases with personal data.
• Duplicate personal data in Russia, keeping original data abroad?
• Transfer depersonalized data abroad?
• Audit HR documents to identify those which may be stored abroad
• Duplicate personal data stored on mobile devices on servers located in Russia?
• Measures must be necessary and sufficient to protect personal data against unauthorized access, destruction, copying, distribution or other misuse.
• The operator independently determines the composition and the list of measures that are necessary and sufficient to fulfill the requirements of the Law.

Legal and organizational
• Consent to process personal data,
• Local policy documents in relation to the processing of personal data,
• Evaluation of the harm that may be caused to citizens in the case of the processing of their personal data in violation of the law,
• Ensure unlimited access to policy documents of the operator in respect of the processing of personal data which meet the requirements for the protection of personal data.

Technical
• Accounting for machine storage devices of personal data,
• Application of approved procedures for assessment of means of information protection,
• Recovery of personal data, modified or destroyed by unauthorized access to it.
15.1.2012
Offices in 3 countries: 
Russia 
Ukraine 
Finland 
150 professionals 
at your service 
Partnerships: 
AEB 
AmCham 
AHK 
SVKK 
SPIBA
Anton Kabakov 
Anton.Kabakov@awaragroup.com 
+7 (921) 397 1193 
Call-center for all offices: 
+7 495 225 30 38 
