Russian Law on Personal Data: overview


One of the most popular services offered by cloud providers is the Federal Law 152-FZ cloud. The service is especially useful for foreign companies doing business in Russia. Cloud FZ-152 is a protected private cloud where you can securely store the personal data of clients or employees.

In this article, we cover the main points of the law on the protection of personal information, why it is important to comply with it, and what the FZ-152 cloud is.

 

What is the law FZ-152?

Federal Law No. 152-FZ "On Personal Data" is equivalent to the European General Data Protection Regulation (GDPR), with some differences. It covers all activities associated with the processing and use of information relating to a particular individual. This includes full name, address, phone number, photo, and similar data. The law applies to public authorities as well as to legal entities and individuals (except where data is processed for personal and family needs).

Thus, the law applies to any organization storing information about customers, as well as to websites that collect data about visitors. According to the law, personal data can be collected and processed only with the person's consent.

The strictest requirements are imposed on the storage of personal data, so we focus on this issue in more detail:

  • Store the amount of data that is sufficient for processing.

  • The amount of information must be sufficient to identify the subject.

  • If the data is insufficient or contains errors, the data must be clarified or deleted.

  • Personal information collected for different purposes must not be combined.

  • After processing, the personal data must be destroyed or anonymized.

  • When transferring data to another country, you must ensure that the necessary protection system is in place and that the data subject agrees to this.

Under FZ-152, the operator is fully responsible for everything that happens to personal data. This applies even if the information reaches other parties, whether it was handed over for processing or leaked. Therefore, personal data should be stored only on secure servers. Depending on the security level, there are four categories of servers:

УЗ-1 is the highest level of protection, for special data that could cause serious damage if used for harmful purposes. This may include information on race and national origin, political and religious views, health, etc.

УЗ-2 is the level for storing biometric data. Regular backups and anti-hacking systems are necessary to provide this level.

УЗ-3 is designed to store all other data. Restricted access to the storage is sufficient in this case.

УЗ-4 is the lowest level. Public data can be stored on such servers. To ensure security, an antivirus solution may be enough.

There are more than a hundred security requirements for servers, but the most common ones are worth mentioning:

  • Servers must reside in a secure location. 

  • It must be impossible to connect to them directly.

  • Only those with proper rights should have access to the data.

  • Certified threat protection tools must be used.

 

The risks of non-compliance

Since practically any company collects some kind of data, compliance with FZ-152 is a matter for any business. Failure to comply with storage and processing standards entails administrative, criminal, and civil liability.

On March 27, 2021, a federal law entered into force that significantly increased penalties for personal data breaches.

Consider the following changes:

  1. Any offense in the processing of personal data is now fined immediately. Previously, there was only a warning.
  2. A repeated violation now qualifies as an independent offense, and the fines for it are several times higher than for the initial violation.

For example, if it turns out that a legal entity requests personal data that is inconsistent with the purpose of collection, it must pay a fine of 60,000 to 100,000 rubles for a first offense and a fine of 100,000 to 300,000 rubles for a repeat offense.

Cloud FZ-152

While ensuring compliance with УЗ-4 and even УЗ-3 is easy, higher levels of protection are quite difficult to achieve. They require a lot of time and financial investment, as you need special equipment, licensed software, and qualified employees who can set everything up properly. To save money while ensuring compliance with the law, you can use the cloud.

Cloud providers, in particular Cloud4Y, offer the Cloud FZ-152 service. This is a turnkey solution that makes it easy to comply with the requirements of Federal Law 152. Cloud4Y takes all organizational and technical measures to ensure the protection of personal data from unauthorized access. The operator holds УЗ1-4, 1K and 1Г certificates, uses information protection equipment licensed by the Federal Security Service and the Federal Service for Technical and Export Control, and has all necessary certificates and licenses.


author: Vitaly Pavlov
published: 11/17/2021