Adventures of personal data in Russia

A good friend came to me asking for help with the protection of personal data, because responsible comrades had recently come to him and frightened him with huge liability, such as fines that increased 6000 times over the past year. I dug deeper into this topic and found that many people lump together the requirements for the protection of personal data under 152 FZ, with its security levels from 4 to 1, and the requirements under 242 FZ on localizing the processing of personal data of citizens of the Russian Federation ...

The levels are indicated in ascending order of responsibility:

4th - the lowest, at the discretion of the operator of personal data

1st - the highest responsibility; it is very rarely required, but for some reason many start by trying this level of responsibility on for size :)

Disclaimer:

In 90% of cases, level 3 is needed. Everyone violates it en masse, without even knowing it!





So what did I find? I share my conclusions and practice.

1. Yes, fines for violating the rules on localizing personal data processing have grown very, very much (and oh, how much this strained my friend the CIO): for a repeated violation, up to 800,000 rubles for an official, and 18,000,000 rubles for a legal entity! Facebook, if you remember, already paid its first fine in the Russian Federation last year; Twitter is now in a very dangerous position ... if, of course, our territory means something to it; and LinkedIn has long been blocked.

A little more detail about this part of the law:

"Features of the application of the law on the localization of personal data in practice: recommendations for business"





2.     , , . , - 100 000 «» 3- 2- , 100 000 – 3- , .. , 3- . Azure , , 18 000 000 .





, , , . .





3.     ? , 10-15 – 1 000 000 . – 12 000 . 3 3 !





4.     , , CRM-, ERP-, , , 1- , , - , , , . , , , .





:





! , «» . . , ., – !





, :





  • " , , , "





  • " "

    :

    (). , 2008









5.     , – - (). , . , , … .





6. It turned out that, as always, there is protection from real threats and protection from inspectors. In 99% of cases, the 2nd protection is needed.





7. And the most important thing I discovered is that in 90% of cases what is required is compliance with FZ 152 UZ 3 (3rd level of security), and the most amazing thing is that 99% of companies violate these requirements. Therefore, I decided to warn everyone: forewarned is forearmed, so think about it and ask the experts how it is easier for you to protect yourself from these 2 types of threats.







