Personal data subject

 
Apply for SearchInform DLP TRY NOW

Personal data is information about a specific person and allows him to be identified. The owner of such information should understand that this information can be used in different ways - both positively and negatively. Therefore, everyone should understand that his personal data can be used only with his permission unless otherwise provided by law.

Types of personal information

The owner of personal data (carrier) is their subject. He is endowed with certain rights that allow you to control how his personal information is used by various authorities or other individuals. Personal data includes:

  • name of the subject of personal data;
  • place and date of his birth;
  • marital status;
  • social status;
  • property status;
  • home address;
  • data on education, profession, and other personal information.

Sources of information, in this case, are personal documents: passport, diploma, medical record - as well as, for example, bank account number and payment card details.

Restricting access to personal data

Personal data is needed to perform a variety of actions: when applying for a job; to obtain a loan from a bank; while participating in various surveys and questionnaires; in medical institutions and other cases.

If the subject of PD does not consent to the processing, the data cannot be entered into any databases or documents. The carrier of personal data has the right to authorize the posting of the address, date of birth, telephone number, and other information in public sources.

If the subject of PD does not consent to the processing, the data cannot be entered into any databases or documents. The carrier of personal data has the right to authorize the posting of the address, date of birth, telephone number, and other information in public sources.

Personal data operators

By the law, operators are considered persons or organizations that are engaged in the processing and other operations related to personal data. Operators include state and municipal structures, individuals.

Operators work with the provided information about the subject and must establish the purposes for which the data is required, as well as determine the content of the PD, without which certain types of work cannot be performed. For operators to have the opportunity to perform operations with the data provided by the subject, their consent to processing is required.

Access to personal information

The PD subject is entitled to receive information about the operator. The same rights are possessed by a representative - an authorized person of the subject, who acts based on documents drawn up by the requirements of the legislation. The rights vested in the data carrier are provided based on the Federal Law "On Personal Data" No. 152 of July 27, 2006 (as amended in 2017).

Also, the subject has the right to get acquainted with his personal information that the operator has. At the same time, the law provides for cases where the data carrier's right of access is restricted.

The right is necessary to check how reliable the information is. The subject has the legal ability to require the operator to clarify, block, or destroy information. This can be done in cases where personal data:

  • outdated;
  • are incomplete;
  • untrue;
  • obtained illegally;
  • are not needed to achieve the goals declared by the operator.

By the provisions of 152-FZ, the subject of personal data is the main participant in all actions performed with his personal data. This allows him to use the necessary legal mechanisms to ensure the safety of personal information and to avoid damage that may be caused to his personality, reputation, financial, and other interests.

Transfer of information

Information about the information available to the operator is transmitted to the carrier in any available form. The main condition is that it should not contain the personal data of other subjects.

To get access to their PD, the owner has the right to submit a request on his own or with the help of a trusted person. In the application with the signature of the subject, you should indicate information about the basic data with which you can establish his identity, for example, full name and passport data.

If the subject cannot independently apply for information, the application should also indicate the personal data of the person who acts on his behalf, as well as the document based on which the representative received such authority. The application must have a signature and a representative.

The subject or his representative has the right to send an appeal remotely - by e-mail. However, for the document to gain legal force, it must be certified with a digital signature.

The information available to the subject

The subject of personal data can receive information that contains various information:

  • the purpose of PD processing;
  • the methods that the operator uses for processing;
  • information about employees who have access to the subject's PD;
  • list of information that the operator works with;
  • the sources from which the data comes;
  • terms required for processing and storing data;
  • information on possible legal consequences in case of violation of the rules for processing PD.

Restricting a subject's access to data

The legislation restricts the subject's right to access data in cases of working with information that was obtained as a result of intelligence activities, operational search activities, and other similar actions. Restrictions apply if the collection, processing, storage, and other operations are carried out for state defense, ensuring measures of national and public security.

Restriction of access to PD is applied to the subject of PD in cases where the provision of access may violate the constitutional rights and freedoms of third parties.

Consent to the processing of PD is not required if the data is processed by police officers who detained the data subject, or if the data subject is charged with a crime.

Providing security measures

The law requires the operator to use all the necessary and available methods to ensure the protection of PD and the rights of the subject to whom the data belongs. The list of measures includes the use of cryptography techniques, which helps prevent illegal or accidental access to data, destruction, blocking, distribution, and duplication (replication).

Tangible media must be contained and handled securely. The requirements for such types of data processing are regulated by the government, and the supervisory function is performed by the executive federal authorities by the powers granted. The bodies on which the state has entrusted the function of protecting the rights of subjects of personal data control the activities within their competence.

25.11.2020