Principles, conditions and purposes and processing of personal data

Now no activity is complete withoutinformation. Each organization stores information about employees, partners, and customers. Unauthorized access to them leads to their loss or change, which adversely affects the activities of the firm. The goals of processing personal data in organizations are the same, as it is fixed by law. This is described in the article.

What does processing mean?

Each person can read information aboutanother citizen, both in the performance of work duties, and in non-working communication, while browsing the Internet, reading the newspaper. Such collection of information is not considered processing. This is just an introduction to the information.

If personal information is specifically collectedfor use, storage, it will be the processing of personal data. This process is observed in educational institutions and hospitals. Information is recorded, entered into the database, classified for use in lawful purposes. If the information is collected by a writer, a journalist, he can use it for creative purposes.

Processing methods

Personal information is processed in 2 ways:

1. Automated.
2. Humanly.

The second option involves processingperformed with the participation of a citizen. If this happens without automation, then the data must be separated from the rest of the information. This is done using a mark, for example, in the margins of the blanks. It is forbidden to place personal information on a single carrier, if it is known that the purposes of processing personal data are incompatible.

If personal information of citizens belong to differentcategories, it is necessary for each type to use an individual carrier. Which systems can be classified as automated, and which are not? The following facts reveal this:

1. Personal information that is in the personal data system can be processed through a manual process if it is used with the personal presence of a person.
2. It cannot be argued that the data is processed automatically, given that they are in the information system of personal information.

Automated processing is performed withusing computational tools. Processing refers to all actions that are performed on the data provided. This process includes the collection, fixation, use, destruction.

Objectives

The objectives of the processing of personal data in the organization are the same. Information is needed for:

1. Conclusion, execution, termination of contracts in cases stipulated by the law and the Charter of the organization. Such transactions may occur with citizens, individual entrepreneurs, legal entities.
2. Personnel records of the enterprise, compliance with the law, the conclusion and fulfillment of obligations under the agreements.
3. Conducting personnel office work, assistance to employees in employment, training, use of benefits.
4. Fulfillment of tax legislation regarding payment of taxes and transfer of personal data to the FIU.
5. Completion of statistical documents based on the norms of the law.

Каждая цель обработки персональных данных в The organization is obligatory for execution because it is enshrined in law. That is why all institutions require information about employees, customers, partners. The purposes of personal data processing allow you to conduct business in a legal way.

Rules and order

The head should receive the following information about his employees:

1. Education.
2. Experience, previous position.
3. Data about the family and their work.
4. Health information.

When processing information of employees, HR specialists should follow several rules:

1. To process information on the basis of the norms of the law, to assist in employment, to assist in training and promotion in a career, to control the quality of the tasks performed.
2. Personal information is provided by the employee. If for some reason they cannot be obtained from the employee, but only from a third party, it is necessary to obtain a written consent to the disclosure of information.
3. The staff member can not independentlyuse information about religious orientation or trade union activities, if this does not apply to work. If this information concerns a working relationship, then you need written permission.
4. Controls employees of the personnel department, as well as their execution of these rules manager.
5. All employees must sign, confirming that they are familiar with the rules of the regulation.

Purposes of processing personal data according to Law No. 152mandatory for every employer. Based on Art. 22, the head can take actions with the personal information of employees without notifying Roskomnadzor.

Principles

It is important to know not only the goals of collecting and processing personal data, but also the principles. They are listed in Art. 5 ch. 2 FZ №152:

1. It is important to respect the legality and integrity of the purposes and methods of processing.
2. Compliance with the objectives stated in the collection.
3. Compliance with the volume and nature of the processed information, methods, goals.
4. Reliability of information.
5. The inadmissibility of combining databases for incompatible purposes.
6. Storage in a form that allows you to define a data subject, and no longer than the target requires. Then they are destroyed.

The goals of processing personal data of an employee are achieved using the conditions specified in art. 6 ch. 2:

1. Perform processing with the permission of the subjects.
2. If it is entrusted on the basis of a contract to another person, then confidentiality is important.
3. Processing of special information in a special order.

There are several exceptions when permission of the subject is not required. This happens when:

1. The procedure is carried out on the basis of the Federal Law, which sets its goal, conditions, range of subjects, information about which is subject to processing.
2. Everything is done to fulfill the contract.
3. Statistical and other scientific goals are required.
4. Protection of life, health, vital interests is necessary if permission is not possible.
5. Delivery of mailings is performed.
6. The professional activities of the journalist.
7. There is a processing of information to be published on the basis of the law.

Consent

To protect a person from unwanteduse of information about him requires his consent to the processing of personal data. The purpose of the treatment must be legal, and in other cases it is prohibited to do so. Consent is provided with a job, a bank account and other important transactions.

Единой формы разрешения нет.It is made up in free form on the form used by the enterprise. The period during which the permit is valid is indicated in the document itself. It also indicates the purpose of processing personal data in the organization.

Responsibility of the organization

The specialist responsible for obtaining,processing, storage of personal information, appoints the director of the institution. It also identifies individuals who are open to access information. The document must be issued by order. Usually they are responsible for processing information:

1. Managers of personnel department.
2. Personnel inspectors.
3. Heads of staff.
4. Deputy Heads of Personnel.
5. HR Specialists.

Based on Federal Law No. 152, an employee performingthe collection and processing of personal data is the operator. He is the head. The objectives of the processing of personal data in an educational institution are the same as in organizations.

Transfer and storage

Keeping records with personal information aboutworkers carried in refractory cabinets or safes. The keys to them should be the director of the personnel department. If he is absent, then the deputy manages it. If it is necessary to transfer personal information of an employee, a staff member should remember the following rules:

1. It is forbidden to transfer to third parties personalinformation without written permission. Exceptions are considered when data are required to prevent harm to health and in situations stipulated by law. It is also prohibited to disclose information for commercial purposes without consent.
2. If it is necessary to transfer data of workers, it is necessary to inform those for whom this information is used, that the information can be used only for the purposes of the request.
3. A staff member may use only the information necessary for the performance of work duties.
4. The employee has no right to find out information about the state of health of the employee.

An exception is considered to be circumstances relating to the question of the performance by employees of their duties.

A responsibility

If employees have violated the collection procedure,processing, issuing information, they are subject to disciplinary and criminal liability under the law. In Art. 5 of the Federal Law states that personal information collected for processing by automated principles or other means must be made in such a way that it is possible to establish a data subject.

The definition of the subject can not be longerwhat is required for processing. If it is done, then some time personal data cannot be destroyed. Personal data of employees are stored in the institution for 75 years. Thus, each company must comply with the rules for storing and processing information.