List of documents on personal data protection
Under Russian federal legislation, the effectiveness and functionality of measures for the protection of personal data (PD) should be checked by:
- Government.
- FSB.
- Federal Service for Technical and Export Control (FSTEC).
- Roskomnadzor.
These regulatory authorities always require reporting documentation on the protection of PD. Any company acting as a PD operator must have the documents listed in the table.
Document name | Document content |
Regulation on the protection of personal data (or Regulation on personal data of employees, provided that no other personal information is used) | The procedure for working with personal information, including collection and use |
Order on access to personal data | List of employees who can process this class of information |
Personal data protection instructions | Detailed description of security measures |
Notification for Roskomnadzor about PD processing | Justification of the need and methods for collecting personal information |
The order that appoints the person responsible for the safety of PD | List of competencies of this employee |
List of venues for these events | Technical list of areas involved in PD verification |
Order approving the storage location of PD | Description of the archiving methods and the parameters of the personal data storage that has been created |
Description of the backup procedure for databases, all programs and information security tools | Technical information, also intended for those in charge of the programming and system administration department, covering all methods of backing up and restoring valuable data |
Order for the destruction of personal data | Disposal procedure for information that is no longer relevant |
Conclusion on the launch of the information system | Expert opinion on the launched security structure |
Plan for conducting inspections within the enterprise to protect personal information | Tabular presentation of the plan for periodic monitoring of equipment and PD protection mode |
Journal for recording media | List of storage media used by the organization |
Journal of registration of requests of PD subjects | Database of individuals whose personal information was used by the organization |
System classification act | Includes a categorical description of personal data, access rights, a list of persons processing information, technical data about the network structure and electronic devices |
Processing rules without the use of automated tools | Everything related to documentation on traditional media, i.e. all paper correspondence |
Antivirus and password protection instructions | Information on the use of antivirus and password protection measures |
Information security testing log | Testers' notes on the tests being carried out |
Instructions for emergency situations | Description of personnel actions when the confidentiality of information is threatened |
Non-disclosure agreement | Description of the legal regime for data that is not subject to disclosure, with the signatures of the persons involved |
Regulation on the protection of personal data from unauthorized access | Description of powers, areas of responsibility and legal sanctions applicable to the personal data operator |
10.12.2020