List of documents on personal data protection


Under Russian federal legislation, the effectiveness and functioning of measures for the protection of personal data (PD) are checked by:

  • The Government.
  • The FSB.
  • The Federal Service for Technical and Export Control (FSTEC).
  • Roskomnadzor.

These regulatory authorities routinely require reporting documentation on the protection of PD. Any company acting as a PD operator must have the documents listed in the table below.

| Document name | Document content |
|---|---|
| Regulation on the protection of personal data (or Regulation on the personal data of employees, provided that no other personal information is processed) | The procedure for working with personal information, including its collection and use |
| Order on access to personal data | List of employees permitted to process this class of information |
| Personal data protection instructions | Detailed description of the security measures |
| Notification to Roskomnadzor about PD processing | Justification of the need for, and the methods of, collecting personal information |
| Order appointing the person responsible for the security of PD | List of this employee's competencies |
| List of premises where PD is processed | Technical list of the areas involved in PD processing and verification |
| Order approving the storage location of PD | Describes the archiving methods and the parameters of the personal data storage that has been set up |
| Description of the backup procedure for databases, all programs, information security tools and data stores | Technical information, also intended for the programming and system administration staff, covering all methods of backing up and restoring valuable data |
| Order on the destruction of personal data | Disposal procedure for information that is no longer relevant |
| Conclusion on the commissioning of the information system | Expert opinion on the security structure that has been put into operation |
| Plan of internal inspections for the protection of personal information | Tabular plan for periodic monitoring of equipment and of the PD protection regime |
| Media accounting journal | List of the storage media used by the organization |
| Journal of requests from PD subjects | Register of the individuals whose personal information has been processed by the organization |
| System classification act | Includes a categorized description of the personal data, access rights, the list of persons processing the information, and technical details of the network structure and electronic devices |
| Rules for processing without the use of automated tools | Everything relating to documentation on traditional media, i.e. all paper correspondence |
| Antivirus and password protection instructions | Information on the use of antivirus and password protection measures |
| Information security testing log | Testers' records of the tests carried out |
| Instructions for emergency situations | Description of personnel actions when faced with a threat to the confidentiality of information |
| Non-disclosure agreement | Description of the legal regime for data not subject to disclosure, signed by the persons involved |
| Regulation on the protection of personal data from unauthorized access | Description of the powers, areas of responsibility, and legal sanctions applying to the personal data operator |