Purpose of personal data processing

Apply for SearchInform DLP TRY NOW

When the transfer of information about their identity a person should have confidence that their personal data will not fall into the hands of third parties without their permission. Preventive measures have been introduced into the legislation of the Russian Federation to protect the rights of citizens and their freedoms. The Constitution of the Russian Federation, Federal Law No. 152 "On Personal Data" contains requirements for regulating the work with personal data of citizens. The legislation recognizes the rights of every person to the inviolability of his personal life, respect for family secrets.

Purpose of collecting information about subjects

Any type of information that directly or indirectly relates to a particular citizen is considered “personal data” (PD). To process such information means to perform any action or operation with this information. Operators are allowed this information:

  • collect;
  • write down;
  • systematize;
  • accumulate;
  • keep;
  • clarify;
  • extract;
  • use;
  • transfer;
  • depersonalize;
  • block;
  • delete;
  • destroy.

The implementation of such actions should be carried out for specific purposes. The law on personal data stipulates that the processing of personal data should be limited to specifically designated purposes that have legal grounds. If the enterprise, for example, stores two databases with personal information of employees for different purposes, it is not allowed to combine them into one database.

The list of purposes for processing personal data must be indicated in the agreement that the company signs with the employee, client, business partner. The company's policy regarding the processing of personal data should be posted in places with open access.

The agreement to be signed must contain a complete list of goals, without abbreviations ", etc.; etc.; etc.". They must be clearly and fully designated, spelled out in the constituent, charter papers, provisions developed in the company, and also actually carried out by the operator.

The concept of PD processing

Together with the submission of the required documents during the signing of the employment contract, the employee must provide his consent to the processing of PD.

Article 2 of the Law on Personal Data refers to such information about an individual as his full name, date of birth, and other information, including entries in the work book. Personal data is divided into three categories.

The first includes publicly available information, which consists of basic personal data (name, date, place of birth, gender). The next group of personal data is biometric data, consisting of information about the appearance and individual physiological parameters, if they can be determined visually, etc. Special information includes data on nationality, religion, work, criminal record, etc.

PD belongs to the category of confidential information, except for the public. In this regard, they can be processed only if the permission of an individual is obtained.

The condition for establishing the validity period of such consent to PD processing is mandatory. The final period that allows you to perform any actions with personal information can be considered a specific date or event (expiration of the employment contract, fulfillment of any contractual obligations, etc., revocation by the employee of this consent earlier) - Article 9 of the Federal Law No. 152, p. . 4.

Purposes of PD processing in the organization

Each business collects and processes personal information. These actions cannot be avoided, since this information is extremely necessary for the implementation in the legal field of labor relations between an employee and an employer.

The organization is guided by the following goals during PD processing:

  • registration, execution, termination of civil law relations by employees, legal entities, individual entrepreneurs, other persons in cases specified in the legislation of the Russian Federation and in the Charter of the company;
  • organization of work with personnel - accounting for employees, ensuring compliance with the requirements of labor legislation, signing and fulfilling various obligations in relation to labor, civil agreements;
  • performing the functions of personnel records management, helping employees in applying for a job, mastering a new profession, moving up the career ladder, using benefits, compensations;
  • implementation of the requirements of the laws on taxation in matters of accrual, payment of tax payments from the income of individuals, UST, pension laws during formation, transfer to the Pension Fund of personification data regarding each recipient of insurance payments;
  • entering data into the primary statistical documentation under the Labor Code, Tax Code, as well as federal laws.

Purposes of processing personal information in medical institutions

In different organizations, the purposes of PD processing may be different.

In medical institutions, for example, data are collected on the actual state of health of the patient, which are of a special type. It is possible to process personal data of an individual without his consent (Article 10, Part 2, Clause 4 of the Law on Personal Data) for the following purposes:

  • establishing diagnosis;
  • preventive actions;
  • provision of medical and social services.

This rule is valid in relation to situations of PD processing by a doctor who must keep medical confidentiality, as provided by the laws of the Russian Federation. But if it is not possible to obtain consent, and the situation for the patient's health and life is critical, PD processing can be carried out without requesting permission from an individual.

Customer information can be used to:

  • providing him with advice, information, mediation services;
  • signing a contract with the client and fulfilling its conditions;
  • personnel work, provision of accounting services;
  • other actions not prohibited by the laws of the Russian Federation.

Purposes of PD processing in the banking sector

In the field of providing banking services, when performing certain banking operations, the purposes of personal data processing may be as follows:

  • opening a bank account, maintaining it;
  • Money transfers;
  • transfer of funds from an individual to a legal entity without using bank accounts;
  • buying or selling foreign currency;
  • provision of consulting services, any information, including the use of telephone communications, e-mail.

Not everything is simple with the personal information of any citizen, be it an employee of a company, a patient of a medical institution, a client of a bank, or any other organization. The law prohibits the use of personal data of any person, not only without his consent, but also in the event that this information is not needed for the implementation of specific goals (if the PD subject has not given consent to these actions). In the event of a leak of personal information, any citizen has the right to file a complaint with Roskomnadzor or apply to the judicial authorities. Therefore, the processing of personal data must be carried out strictly within the framework of current legislation.