In this publication you will find the answer to all questions concerning the development and approval of the Regulation on the personal data of employees, sample sample of this document in 2017 and for 2018 can be downloaded for free in docx format.
As you already know, the Regulation on personal data must necessarily be included in the structure of the personnel turnover of any organization, institution, enterprise or firm, especially those with hired employees.
Today we will consider what personal data is, for which you need a clause about working with them, what is the structure of the document and where you can download the sample-procurement provisions to quickly adapt it to the needs of your work.
CONTENTS
Personal Information: What is it?
Personal data is understood as any information relating to a person as a subject, determined directly or indirectly according to the established criteria of the law "On Personal Data" of July 27, 2006, No. 152-FZ( Clause 1, Article 3).
Moreover, this federal legislative act does not contain an explanation of which particular information about an individual includes this concept. Usually, in the context of labor relations to them, here it is necessary to refer:
- Name;
- date of birth;
- passport data;
- address of registration and residence;
- INN;
- number of SNILS;
- information about education and work experience.
Actually, here is presented only a minimal list of information about the person that he provides when hiring. In the process of cooperation, others are added to it: the terms of the employment contract and additional agreements, information on registration for military registration, social benefits, data on disciplinary penalties and incentives, reports for statistical bodies and others. The array of information received is a personal matter of the employee.
Data on a person fall under the jurisdiction of Law No. 152-FZ if they are at the disposal of the personal data operator or are subject to processing with his participation( Clause 1, Article 1 of Law No. 152-FZ).Signs of the operator, in particular, correspond to firms that have hired workers, since they handle a wide range of information about the subjects in the process of building labor relations with them.
Regulations on working with personal data: what is needed?
Norms of Art.87 TC RF, as well as paragraph 2 of Art.18.1 of Law No. 152-FZ prescribe to employers to regulate transactions with personal data of their employees. However, in the noted NAP, as well as in other federal sources of law, it is not clearly defined how this duty should be fulfilled.
In practice, this is most often done through the development and approval by the firm of an intracorporate regulation on the personal data of hired workers.
And taking a person to work, the enterprise takes over the functions of a data processing operator. In other words, the employer collects, stores, systemizes, accumulates and updates information related to employees.
Work with personal data is carried out both with the use of automation tools, and without their application. The processing of confidential information is carried out not only during the period of cooperation, but also after its completion, at the archiving stage.
Art.22.1 of the Federal Law of October 22, 2004 No. 125-FZ "On Archival Affairs in the Russian Federation" obliges organizations to keep personal files of employees for 75 years.
At all stages of the processing of personal information, the employer is obliged to prevent the transfer to third parties in the absence of a legitimate reason. A set of appropriate measures should be documented as a provision on working with personal data of employees.
Structure of the Regulation on Employees' Personal Data
The document contains local norms that define:
- the goals and objectives of the firm when dealing with personal data;
- lists of actual and potentially involved in the company's business processes personal data;
- description of operations with data, practiced by the company;
- data access methods used in the firm;
- duties of employees of the firm, involved in the performance of labor functions of certain data;
- the right of the company's employees to purchase authorized access to data;
- legal mechanisms of responsibility of employees of the firm for violations in data operations.
Based on the noted list of standards, the regulations on the processing of employees' personal data can be represented by the following key sections:
- laying down the general provisions of the document;
- fixing criteria for the allocation of personal data from an array of information involved in the workflow and other areas of intra-corporate communications;
- defining the list of key operations with personal data;
- regulating the implementation of relevant operations;
- defining the order of access of employees of the company and other persons to the data;
- establishing the duties of employees involved in data operations;
- establishing the rights of the company's employees in terms of obtaining access to such data and performing the necessary operations with them;
- defining the mechanisms of responsibility of employees of the firm for violations of local norms and provisions of the legislation of the Russian Federation, regulating operations with personal data.
The statement on internal corporate transactions with personal data should be assured by the head of the firm. A copy of this document is required to familiarize all employees with a receipt( sub-clause 6 of clause 1 of Article 18.1 of Law No. 152-FZ).
How to enforce the provision for the processing and protection of personal data 2017-2018
At the development stage of the document, its content should be agreed with the heads of the departments involved in data processing and the legal service.
The finished local normative act is approved by the order of the head of the organization. The order is also issued in case of changes in the text of the document. If, for any reason, the provision on the protection of personal data is not available at the enterprise, it is necessary to immediately apply it and bring its contents to all employees.
Employees recruited must read the regulations before signing the employment contract. Confirmation of familiarization with the text is made at the discretion of the employer.
The most convenient way is to keep a log of acquaintance with local regulations. If necessary, the employee can apply for the text of the document as many times as necessary.
To simplify this procedure, it is recommended to lay out a sample of the clause about processing personal data of the employee in corporate e-access resources.
Sample of regulations on the processing of personal data of employees, where you can download?
The current sample for 2017 and 2018 of this intracorporate position on transactions with personal data you can download for free by clicking on the links( 2 options):
- Download sample of the regulation on the processing of personal data of employees 2017-2018.
- Regulations for the processing of employees' personal data for 2018
Any institution, enterprise, organization or firm that has the status of a personal data operator( this means that all employers) are required to develop and approve a local legal act( Regulation) regulating transactions with personaldata.
Source:
- http://nalog-nalog.ru/personalnye_dannye/polozhenie_o_personal_nyh_dannyh_rabotnikov_-_obrazec-2017/
- https: //clubtk.ru/forms/ personalnyye-dannyye / obrazets-polozheniya-o-personalnykh-dannykh-rabotnikov