Regulations on the personal data of employees (sample)

REGULATION

ON THE PERSONAL DATA OF THE EMPLOYEE

I. General provisions

An employee's personal data is information required by an employer in connection with an employment relationship and relating to a specific employee.

The personal data of the employee is contained in the main document of the personal record of employees - the personal file of the employee.

The personal file of the employee consists of the following sections:

1) biographical and characterizing materials, which include:

Job Application (optional)

Personnel sheet,

Passport (copy),

Military ID, registration certificate (copy),

Education documents (copy),

Certificate of registration with the tax authority (TIN) (copy),

Pension certificate (for pensioners) (copy),

Birth certificate of children (copy),

Marriage certificate (copy),

Document on the right to benefits (copy),

The results of a medical examination for fitness to perform labor duties (for the category of workers under 18 years of age; entering work with harmful and (or) dangerous working conditions, hard work; entering work directly related to vehicle traffic; employee's job application),

Labor contract,

Documents related to the transfer and relocation of an employee (employee's statements, etc.),

Certification sheets,

An employee's letter of resignation

A copy of the notice of dismissal

Personal card form N T-2,

Other documents, the presence of which in the personal file will be deemed appropriate;

2) additional materials, which include:

The employee's receipt on familiarization with the documents of the organization establishing the procedure for processing the personal data of employees, as well as on his rights and obligations in this area,

Photo,

Addition to a personal file,

Other documents, the presence of which in the personal file will be deemed appropriate.

The employee's personal file also includes an inventory of all documents in the file.

II. Obtaining personal data of an employee

The receipt, storage, combination, transfer or any other use of personal data of an employee may be carried out solely for the purposes of ensuring compliance with laws and other regulatory legal acts, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property.

All personal data of the employee is obtained from him. If the employee's personal data can only be obtained from a third party, then the employee must be notified of this in advance and written consent must be obtained from him. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them.

It is not allowed to receive and process the employee's personal data about his political, religious and other beliefs and private life, as well as about his membership in public associations or his trade union activities, except as otherwise provided by the legislation of the Russian Federation.

When making decisions regarding an employee based on his personal data, it is not allowed to use data obtained solely as a result of their automated processing or electronic receipt.

In cases directly related to issues of labor relations, in accordance with Art. 24 of the Constitution of the Russian Federation, it is possible to obtain and process data on the private life of an employee only with his written consent.

III. Formation and maintenance of personal files

The personal file of the employee is formed after the issuance of an order for his employment.

Initially, documents containing the employee's personal data are grouped into a personal file in the order that reflects the hiring process: personnel certificate; employee's application for employment; personnel record sheet; the result of a medical examination for fitness for work duties; the employee's receipt on familiarization with the documents of the organization establishing the procedure for processing the personal data of employees, as well as on his rights and obligations in this area; receipt of the employee on his familiarization with the local regulations of the organization; addition to a personal file; internal description.

All documents of the personal file are filed in the cover.

Each personal file is accompanied by a photograph of the employee (without headgear, size 3 x 4 cm). The surname, name, patronymic of the employee are indicated on the reverse side of the photograph.

In each section of the personal file, an internal inventory is maintained, where the names of all documents are entered, the date they were included in the file, the number of sheets, as well as the date the document was withdrawn from the file, indicating the person who withdrew the document and the reason for the withdrawal. In the event of a temporary withdrawal of a document, a replacement sheet is inserted instead. Withdrawal of documents from a personal file is carried out exclusively with the permission of a personnel specialist. The internal inventory is signed by the person who compiled it, indicating the date of compilation.

All documents entering the personal file are located in chronological order.

It is not allowed to include in a personal file documents of secondary importance that have temporary (up to 10 years) storage periods, for example, certificates of residence, etc.

Sheets of documents filed in a personal file are numbered.

The personnel record sheet is the main document of the personal file, which is a list of questions about the employee’s biographical data, his education, marital status, place of residence, work performed from the beginning of his labor activity, etc. The personnel record sheet is filled in by the employee independently when applying for a job.

When filling out a personnel record sheet, the employee must fill out all its columns, give full answers to all questions, avoid corrections or strikethroughs, dashes, blots, in strict accordance with the entries contained in his personal documents. Negative answers in the columns of the personnel record sheet are recorded without repeating the question.

When filling out the "Education" column, the following wording should be used: "higher", "incomplete higher", "secondary specialized", "incomplete secondary" - depending on which document the employee has.

The column "Marital status" lists all close relatives (husband, wife, daughter, son) living together with the employee. The surname, name, patronymic and date of birth of each family member are indicated.

The column "Work performed since the beginning of employment" reflects information about the work in strict accordance with the entries in the work book.

All entries are made in chronological order.

The following documents are used when filling out a personnel record sheet:

The passport;

Employment history;

Military ID;

Documents on education;

Documents on awarding a scientific degree, academic title.

The personnel record sheet is signed by the person being hired and the personnel specialist after reconciliation of the information entered in the questionnaire with the relevant documents and is certified by the seal of the personnel department.

Copies of all documents are certified by the personal signature of a personnel specialist after checking them with the original documents.

Supplement to a personal file - a document that records information about the movement of an employee at work (the date of entry into the position and the date of leaving it) indicating the reason for the movement ("Appointed with a decrease in the certification procedure").

An addendum to the personal file is drawn up by a personnel specialist and does not need to be certified by a signature or seal.

A personal card of form N T-2 is compiled by a personnel specialist according to a unified form and contains information about the personal data of the employee in full accordance with the submitted documents. In the event of renewal, the old personal card is removed from the section of the personal file "Questionnaire-biographical and characterizing materials", attached to the "Additional materials" and replaced with a new one. The personal card is signed by the personnel specialist.

In the future, the personal file is replenished with documents that arise in the course of the employee’s labor activity, which include:

Certification sheets;

Copies of documents confirming the position;

Other characterizing and supplementary materials listed in Section I of these Regulations.

A personal file is maintained throughout the entire working life of an employee. Changes made to the personal file must be confirmed by relevant documents.

The HR specialist receives documents from the employee being hired, checks the completeness of their completion and the correctness of the indicated information in accordance with the submitted documents.

IV. Rights and obligations of an employee in the field of protection of his personal data

The employee undertakes to provide personal data that is true.

The employee has the right:

To complete information about their personal data and the processing of this data;

To have free access to their personal data, including the right to receive copies of any record containing the employee's personal data, except as otherwise provided by the legislation of the Russian Federation;

To determine their representatives to protect their personal data;

To access the medical data relating to him with the help of a medical specialist of his choice;

To request the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of the requirements. If the employer refuses to exclude or correct the personal data of the employee, he has the right to declare in writing to the employer his disagreement with the appropriate justification for such disagreement. The employee has the right to supplement personal data of an evaluative nature with a statement expressing his own point of view;

To the requirement that the employer notify all persons who were previously provided with incorrect or incomplete personal data of the employee, of all exceptions, corrections or additions made to them;

To appeal to the court any unlawful actions or inaction of the employer in the processing and protection of his personal data.

V. Accounting, storage and transfer of personal data of an employee

Personal files, in which the personal data of employees are stored, are documents "For internal use".

A personal file is registered, about which an entry is made in the register of personal files. The log contains the following columns:

The serial number of the personal file;

Surname, name, patronymic of the employee;

Date of registration of the case;

The date the case was deregistered.

The personnel service (department) stores the personal files of employees currently working. For this, specially equipped cabinets or safes are used, which are locked and sealed. Personal files are arranged in order according to their numbers or in alphabetical order.

After the dismissal of the employee, the relevant documents are entered into the personal file (application for termination of the employment contract, a copy of the order to terminate the employment contract), a final inventory is drawn up, the personal file itself is drawn up and transferred for storage.

The personal files of employees dismissed from the organization are stored in the archive of the organization in alphabetical order.

Not allowed:

Communicate the personal data of the employee to a third party without the written consent of the employee, except when it is necessary in order to prevent a threat to the life and health of the employee, as well as in cases established by the legislation of the Russian Federation;

Communicate personal data of an employee for commercial purposes without his written consent;

Request information about the health status of an employee, with the exception of information that relates to the issue of the employee's ability to perform a labor function.

Access to the personal data of employees is allowed only to specially authorized persons, while these persons should have the right to receive only those personal data of the employee that are necessary for the performance of specific functions.

When transferring personal data of an employee to third parties, it is necessary to warn them that these data can only be used for the purposes for which they are communicated, and require these persons to confirm that this rule has been observed. Persons receiving personal data of an employee are required to maintain secrecy (confidentiality). The exception is the exchange of personal data of employees in the manner prescribed by the legislation of the Russian Federation.

The transfer of personal data of an employee within one organization is carried out in accordance with the local regulations of this organization.

The transfer of personal data of the employee to his representatives is carried out in the manner established by the organization. The scope of the transmitted information is limited only to those personal data of the employee that are necessary for the specified representatives to perform their functions.

The regulation on the protection of personal data of employees is the basic document of the organization, which forms the legal basis for all work with this kind of data. This article describes the content of this regulation and how to work with it.

Regulation on the processing of personal data - legal requirements

Part 1 of Article 18.1 of the Law “On Personal ...” dated July 27, 2006 No. 152-FZ indicates that organizations or other entities (individual entrepreneurs, state or municipal authorities) that work with personal data of citizens are required to take necessary and sufficient measures to ensure the fulfillment of the requirements of both the Federal Law No. 152 itself and the by-laws adopted for its implementation. At the same time, the organization has the right to choose the list of measures necessary for the fulfillment of such duties independently.

The same part 1 of article 18.1 of Federal Law No. 152 contains an approximate (but not exhaustive) list of measures that an organization can use when working with personal data. Paragraph 2 of Part 1 of Article 18.1 of Federal Law No. 152 indicates that one of the possible measures is the publication of internal documents that will determine the organization's policy in the field of working with personal data, as well as other regulations that determine the specific procedure for the organization's employees to work with such information.

It should be noted that the policy of the organization is mainly a declarative document, which outlines only the general features of the measures that will be taken by the organization to comply with the law. The legal basis for the processing of personal data in an organization is the regulation on the personal data of employees.

An analysis of Article 18.1 of Federal Law No. 152 shows that the adoption of such a provision is not a mandatory requirement. At the same time, when conducting an audit of compliance with security measures when working with personal data, the organization, in accordance with part 4 of Article 18.1 of Federal Law No. 152, must present such a document to the inspectors or otherwise confirm the fact of compliance with the norms of Federal Law No. 152. Thus, the existence of such a provision can be regarded as indisputable evidence of compliance with the requirements for working with personal data, so it is still desirable for an organization to develop it. At the same time, in pursuance of the requirements of Part 2 of Article 18.1 of Federal Law No. 152, this provision must be available for public review or posted on the organization's website.

Contents of the provision, sample 2017

The list of issues that must be resolved in the regulation is contained in Article 18.1 of the Federal Law No. 152. As a rule, they are included in the following order:

  1. General provisions. Here are indicated:
    • goals and objectives of the provision;
    • references to other regulatory acts of the organization (orders, instructions, regulations);
    • the situations in which this provision applies;
    • persons responsible for the implementation;
    • definitions of terms used in the document, etc.
  2. List and procedure for applying technical, legal and other measures aimed at protecting personal data. This section reflects:
    • issues of access to personal data carriers,
    • how to work with them
    • requirements for computer technology, which is used to work with information, etc.
  3. The procedure for informing (instructing) employees of the organization who will be allowed to work with personal data.
  4. The frequency and list of activities carried out within the framework of internal or external control over compliance with the provision.
  5. The scope of responsibility of employees for violation of the requirements of the regulation.
  6. An assessment of possible harm and a list of measures that can minimize it or completely eliminate the likelihood of it being caused.

When developing the regulation of the organization, the following rules should also be taken into account:

  • the provisions put into effect by the Decree of the Government of the Russian Federation “On Approval ...” dated September 15, 2008 No. 687 (if the organization processes data manually using paper or electronic media);
  • requirements for working with automation tools established by the Decree of the Government of the Russian Federation “On Approval ...” dated 01.11.2012 No. 1119 (when using computer equipment, transmitting data via the Internet).

You can find a sample regulation on the protection of personal data 2017 on our website.

Features of working with the regulation

When working directly with the regulation on the protection of personal data of employees, it should be remembered that the list of persons responsible for such work (or those with access to data) is approved by a separate order. In addition, if the organization uses unified paper forms of accounting (books, registers, file cabinets, etc.), for their use, in accordance with paragraph 7 of Regulation No. 687, the publication of appropriate instructions for working with them is additionally required. At the same time, it is worth remembering that in addition to processing employee data, an organization often requires the collection and storage of data from customers and other citizens, so the provision can be extended to work with their personal data.

Summing up, we note that the development of the regulation is a kind of insurance during inspections of the organization by Roskomnadzor and other regulatory authorities. In addition, the regulation allows you to streamline the activities of employees when working with personal information, which will increase the degree of protection as well as the efficiency and accuracy of processing.

If an economic entity draws up labor agreements with individuals, it has to deal with information that is their personal data. The provisions of regulatory legal acts establish that the employer is obliged to protect this information. In addition, the organization must create, as a local act, such a document as a regulation on the personal data of employees.

Every company, to some extent, has to deal with the personal data of individuals. In most cases, this process includes collection, storage, processing, and, with the consent of individuals, disclosure.

The economic activity of the company requires that its interests be represented by employees, and for this it is necessary to draw up various documents, which leads to the disclosure to third parties of information classified as personal data in accordance with the law.

This can be drawing up powers of attorney, drawing up an application for opening a card account, etc. It turns out that the employer is faced with the need to disclose information and the obligation to protect it at the same time.

The Regulation on personal data developed in the organization allows the company to solve this problem. This act adapts the existing norms of legislation to the specifics of the activity of a business entity.

Attention: The regulation on personal data should be developed by all organizations and individual entrepreneurs that act as employers in labor relations. The law establishes that the employer is the operator for the processing of personal data and must be registered as such with Roskomnadzor.

This local standard is developed in the same manner as other company acts that have regulatory functions. The Regulations are approved according to the general rules. The head of the organization can take responsibility for creating it or entrust these functions to the personnel service.

Regulations and puts it into effect. It is important to remember that every employee of the company, as well as everyone who will join the organization after its entry into force, should be familiarized with the Regulations.

You can confirm that employees are familiar with the Regulations using special journals in which they must affix their signatures or using familiarization sheets.

Attention: the provision on the PD must necessarily include consent to the processing of personal data. This document is filled out by the employee if necessary.

In it, the employee allows the employer to work with his personal data and, in the cases specified in this form, disclose information to third parties. Often an employee of the company is asked to fill out such a document when a power of attorney or a certificate he requests is issued to him.

It must be remembered that the employee has the right to revoke this consent at any time.

What employee data is personal

It is legally fixed what applies to the personal information of the employee. It can be information both directly affecting him, and indirectly.

Personal data includes:

  • Full name of the employee.
  • Information about the place and time of birth of an individual.
  • The address of his actual residence, as well as the address by registration.
  • Information about the family, social, and property status of the employee.
  • Information about the income received by the employee of the company.

In addition to the law on PD, there are rules that establish that personal data that an employer must protect should include all information that allows you to identify a person as an employee of the company.

Thus, this list is expanded with such data about the employee as his state of health (in the presence of harmful and dangerous working conditions), qualifications, education, specialization, whether he has children, etc.

Attention: this information is not a strictly closed list, it can be supplemented with various information. At the enterprise, the categories of information related to personal data are necessarily recorded in the Regulations on PD. If it is updated with new data, appropriate adjustments must be made to the local act of the enterprise.

There is also a list of information that is prohibited from being requested in any circumstances, since it is included in personal information.

This includes, for example, information about nationality or religion. If you try to find out this information, this will be regarded as an attempt to interfere in the privacy of a citizen.

What should contain the regulation on the protection of personal data in 2018

The current regulations do not establish which sections or information should be reflected in such a Regulation. Also, there is no indication of the criteria by which it is necessary to produce it.

Usually, when preparing this act, the requirements of the law on personal data are used, as well as generally accepted standards for the execution of internal acts in companies.

General provisions of the document

This section specifies the objectives that are pursued in its preparation. Here it is necessary to make references to laws and other regulations in the field of personal data protection. Also here you need to write how the provision should be put into effect, and how changes will be made to it.

List of personal data of employees

This section is one of the most important in the whole regulation. This is where it will be indicated which specific personal data will be subject to protection.

It is best to compile this section after all required documents, as well as an analysis of the information contained there.

Attention: in the same section, you can specify the internal documents of the company, which may also contain personal data of employees, and therefore they must also be protected.

Working with personal data

This section indicates the structural units or specific persons who receive the right to access personal data. Here it is not necessary to describe on what media and in what case data can be stored in a business entity - for example, in the form of paper printouts, in the form of an electronic database, etc.

Access to personal data

This section describes the methods by which the personal data of employees held in a business entity can be transferred to other employees without appropriate authority. Also in this section, it is necessary to describe the order in which the transfer of available data to third-party organizations, government agencies, and third parties occurs.

Responsibilities of employees who have access to personal data

This section describes the actions to be taken by employees who have access to the personal data of other employees of the business entity.

Rights of employees on operations with personal data

In this section, it is necessary to describe the rights of employees who transferred their personal data to the organization, as well as the rights of those employees who have access to this data during the performance of their duties.

Protection of personal information

Here it is necessary to describe exactly how and in what place the company stores the received personal data.

It is also necessary to describe in detail exactly how personal data is protected on paper - for example, storage in archival cabinets with locks, installing a combination lock on the archive door, etc.

Important: it is also necessary to indicate separately where and how exactly the data located on electronic media is protected.

Regulation approval procedure

The procedure for drawing up and putting into effect this internal act does not depend on the procedure for any other local document.

If a trade union body has been formed in an organization, then the document can be put into effect only after agreement with this body. The draft document is transferred to where it should be considered within 5 days. At the end of this period, the trade union must express an opinion on it in writing.

The body may express a negative opinion, i.e., disagree with the norms of the document. Then, along with the opinion, recommendations are provided for changing it.

The administration of the company can accept the proposed changes or initiate additional negotiations within three days.

Attention: even if after their holding the contradictions remained unresolved, the parties draw up and sign a protocol of disagreements. After this step, the administration of the firm can accept the document as it exists. However, in the event of a dispute, the trade union can challenge it through the courts.

If the company does not have a trade union, but another body has been formed that represents the interests of employees, then it is necessary to coordinate with it.

When a trade union is not formed at all, the administration puts the document into effect on its own by preparing an order.

This order establishes the date from which the provision takes effect, the responsible persons for monitoring compliance with the document are determined, the old provision is canceled (if a new one is created to replace the old one).

Attention: if the date of entry into force of the provision is not indicated in the order, then it will take effect from the moment the order is signed.

Responsibility for disclosure of personal data

The last major changes to the law on personal data were made in 2017. Then the reasons for which it was possible to receive a fine were significantly expanded, and the size of the fines themselves changed.

In the event that the collection of personal data is not carried out for the purposes specified in the law, or they are processed by unauthorized methods, this may be punished by a warning or the imposition of fines:

  • For citizens 1-3 thousand rubles;
  • For officials 5-10 thousand rubles;
  • For the company 30-50 thousand rubles.

If the subject who received personal data does not have consent to their processing from the owner, although it must be obtained, then a fine may be imposed for this:

  • For citizens 3-5 thousand rubles;
  • 10-20 thousand rubles for an official;
  • For the company 15-75 thousand rubles.

Attention: a fine may also be imposed for the fact that the business entity has not published in the public domain the Regulation on personal data, which specifies the methods for receiving, processing and storing data.

Its size will be:

  • For citizens from 700 rubles to 5 thousand rubles;
  • For an official 3-6 thousand rubles;
  • For an entrepreneur 5-10 thousand rubles;
  • For the company 15-30 thousand rubles.

If the data operator has not provided the data owner with detailed information on how the data will be processed, it will be penalized:

  • For a citizen, a warning or a fine of 1-2 thousand rubles;
  • For an official 4-6 thousand rubles;
  • For entrepreneurs 10-15 thousand rubles;
  • For the organization 25-40 thousand rubles.

I APPROVE ____________________________________ (name of the position of the head of the enterprise) ____________________________________ (full name, signature) "__" ___________ ___

REGULATION on the processing and protection of personal data of employees

1. GENERAL PROVISIONS

1.1. This Regulation establishes the procedure for obtaining, recording, processing, accumulating and storing documents containing information related to the personal data of employees of the enterprise. Employees are persons who have a labor contract with the enterprise.

1.2. The purpose of this Regulation is to protect the personal data of employees of the enterprise from unauthorized access and disclosure. Personal data is always confidential, strictly protected information.

1.3. The basis for the development of this Regulation is the Constitution of the Russian Federation, the Labor Code of the Russian Federation, and other current regulatory legal acts of the Russian Federation.

1.4. These Regulations and amendments to it are approved by the head of the enterprise and introduced by order for the enterprise. All employees of the enterprise must be familiarized with this Regulation and amendments to it against signature.

2. CONCEPT AND COMPOSITION OF PERSONAL DATA

2.1. The personal data of employees is understood as information necessary for the employer in connection with labor relations and relating to a particular employee, as well as information about the facts, events and circumstances of the employee's life, allowing to identify his personality.

2.2. The composition of the employee's personal data:

Autobiography;

Education;

Information about labor and general experience;

Information about the previous place of work;

Information about the composition of the family;

Passport data;

Information about military registration;

Information about the employee's wages;

Information about social benefits;

Speciality;

Position held;

The amount of wages;

Having a criminal record;

Residence address;

Home phone;

Originals and copies of orders on personnel;

Personal files and work books of employees;

Grounds for orders on personnel;

Copies of reports sent to the statistical authorities;

Copies of education documents;

The results of a medical examination for fitness for work;

Photos and other information related to the personal data of the employee;

Belonging of a person to a particular nation, ethnic group, race;

Habits and hobbies, including harmful ones (alcohol, drugs, etc.);

Marital status, presence of children, family ties;

Religious and political beliefs (belonging to a religious denomination, membership in a political party, participation in public associations, including in a trade union, etc.);

Financial status (income, debts, ownership of real estate, cash deposits, etc.);

Business and other personal qualities that are evaluative;

Other information that can identify a person.

From this list, the employer has the right to receive and use only the information that characterizes the citizen as a party to the employment contract.

2.3. These documents are confidential. The confidentiality regime of personal data is lifted in cases of depersonalization or after a storage period of ____ years, unless otherwise provided by law.

3. OBLIGATIONS OF THE EMPLOYER

3.1. In order to ensure the rights and freedoms of man and citizen, the employer and his representatives, when processing the personal data of the employee, must comply with the following general requirements:

3.1.1. The processing of personal data of an employee may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts, assisting employees in employment, training and promotion, ensuring the personal safety of employees, controlling the quantity and quality of work performed and ensuring the safety of property.

3.1.2. When determining the scope and content of the processed personal data of an employee, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.

3.1.3. All personal data of the employee should be obtained from him. If the employee's personal data can only be obtained from a third party, then the employee must be notified of this in advance and written consent must be obtained from him. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them.

3.1.4. The employer does not have the right to receive and process the personal data of the employee about his political, religious and other beliefs and private life. In cases directly related to issues of labor relations, in accordance with Art. 24 of the Constitution of the Russian Federation, an employer has the right to receive and process data on the private life of an employee only with his written consent.

3.1.5. The employer does not have the right to receive and process the employee's personal data on his membership in public associations or his trade union activities, except as otherwise provided by federal law.

3.1.6. When making decisions affecting the interests of the employee, the employer does not have the right to rely on the employee's personal data obtained solely as a result of their automated processing or electronic receipt.

3.1.7. The protection of the employee's personal data from their unlawful use or loss must be ensured by the employer at his expense in the manner prescribed by federal law.

3.1.8. Employees and their representatives must be familiarized against signature with the documents of the enterprise that establish the procedure for processing personal data of employees, as well as their rights and obligations in this area.

3.1.9. Employees must not waive their rights to maintain and protect secrecy.

4. EMPLOYEE RESPONSIBILITIES

The employee is obliged:

4.1. To transfer to the employer or his representative a set of reliable documented personal data, the list of which is established by the Labor Code of the Russian Federation.

4.2. To inform the employer of changes in his personal data in a timely manner, within a reasonable time not exceeding 5 days.

5. RIGHTS OF THE EMPLOYEE

The employee has the right:

5.1. To full information about his personal data and the processing of this data.

5.2. To free access to his personal data, including the right to receive copies of any record containing the employee's personal data, except as otherwise provided by the legislation of the Russian Federation.

5.3. To access medical data with the help of a healthcare professional of his choice.

5.4. To demand the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of the requirements defined by labor legislation. If the employer refuses to delete or correct the personal data of the employee, he has the right to declare in writing to the employer his disagreement with the appropriate justification for such disagreement. The employee has the right to supplement personal data of an evaluative nature with a statement expressing his own point of view.

5.5. To require the employer to notify all persons who were previously informed of incorrect or incomplete personal data of the employee about all exceptions, corrections or additions made to them.

5.6. To appeal in court any illegal actions or inaction of the employer in the processing and protection of his personal data.

5.7. To designate his representatives to protect his personal data.

6. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

6.1. The processing of personal data of an employee is the receipt, storage, combination, transfer or any other use of personal data of an employee.

6.2. All personal data of the employee should be obtained from him. If the employee's personal data can only be obtained from a third party, then the employee must be notified of this in advance and written consent must be obtained from him.

6.3. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee's refusal to give written consent to receive them.

6.4. The employee provides the employer with reliable information about himself. The employer checks the accuracy of the information by comparing the data provided by the employee with the documents available to the employee. The submission by the employee of false documents or false information when applying for a job is the basis for terminating the employment contract.

6.5. When applying for a job, an employee fills out a questionnaire and an autobiography.

6.5.1. The questionnaire is a list of questions about the employee's personal data.

6.5.2. The questionnaire is filled out by the employee himself. When filling out the questionnaire, the employee must fill in all its columns and give full answers to all questions, in strict accordance with the entries contained in his personal documents, avoiding corrections, strikethroughs, dashes and blots.

6.5.3. Autobiography - a document containing a description in chronological order of the main stages of the life and activities of the hired employee.

6.5.4. The autobiography is compiled in any form, without blots and corrections.

6.5.5. The questionnaire and autobiography of the employee must be kept in the personal file of the employee. The personal file also stores other personal records relating to the personal data of the employee.

6.5.6. The personal file of the employee is drawn up after the issuance of an order for employment.

6.5.7. All documents of the personal file are filed in a cover of the form established at the enterprise. The cover indicates the surname, first name and patronymic of the employee and the number of the personal file.

6.5.8. Each file is accompanied by two ______ size color photographs of the worker.

6.5.9. All documents received in the personal file are arranged in chronological order. Sheets of documents filed in a personal file are numbered.

6.5.10. A personal file is maintained throughout the entire working life of an employee. Changes made to the personal file must be confirmed by relevant documents.

7. TRANSFER OF PERSONAL DATA

7.1. When transferring personal data of an employee, the employer must comply with the following requirements:

Do not disclose the personal data of the employee to a third party without the written consent of the employee, except when it is necessary in order to prevent a threat to the life and health of the employee, as well as in cases established by federal law;

Do not disclose the employee's personal data for commercial purposes without his written consent;

Warn persons receiving employee personal data that the data may only be used for the purposes for which it is disclosed, and require these persons to confirm that this rule has been observed. Persons receiving personal data of an employee are required to maintain confidentiality. This provision does not apply to the exchange of personal data of employees in the manner prescribed by federal laws;

Allow access to the personal data of employees only to specially authorized persons, while these persons should have the right to receive only those personal data of the employee that are necessary to perform specific functions;

Do not request information about the health status of the employee, with the exception of information that relates to the issue of the employee's ability to perform a labor function;

Transfer personal data of an employee to employee representatives in the manner prescribed by the Labor Code of the Russian Federation, and limit this information only to those personal data of an employee that are necessary for the specified representatives to perform their functions.

8. ACCESS TO EMPLOYEE'S PERSONAL DATA

8.1. Internal access (access within the enterprise).

The following persons have the right to access personal data of an employee:

Head of the enterprise;

Head of the Human Resources Department;

Heads of structural divisions in the direction of activity (access to personal data only of employees of their division) in agreement with the head of the enterprise;

When transferring from one structural unit to another, the head of the new unit may have access to the employee's personal data in agreement with the head of the enterprise;

Accounting staff - to the data that is necessary to perform specific functions;

The worker himself, the data carrier.

8.2. External access.

Personal data outside the organization may be submitted to state and non-state functional structures:

Tax inspections;

Law enforcement agencies;

Statistical bodies;

Insurance agencies;

Military registration and enlistment offices;

Social insurance bodies;

Pension funds;

Subdivisions of municipal governments.

8.3. Other organizations.

Information about an employee (including a dismissed employee) can be provided to another organization only upon a written request on the organization's letterhead with a copy of the employee's application attached.

8.4. Relatives and family members.

Personal data of an employee may be provided to relatives or members of his family only with the written permission of the employee.

9. PROTECTION OF PERSONAL DATA OF EMPLOYEES

9.1. In order to ensure the safety and confidentiality of personal data of employees of the organization, all operations for the design, formation, maintenance and storage of this information should be performed only by employees of the personnel department who carry out this work in accordance with their official duties, recorded in their job descriptions.

9.2. Answers to written requests from other organizations and institutions, within their competence and the powers granted to them, are given in writing on the letterhead of the enterprise and only to an extent that avoids disclosing excessive personal information about the employees of the enterprise.

9.3. The transfer of information containing personal data of employees of the organization by telephone, fax or e-mail without the written consent of the employee is prohibited.

9.4. Personal files and documents containing personal data of employees are stored in lockers (safes) that provide protection against unauthorized access.

9.5. Personal computers containing personal data must be protected with access passwords.

10. RESPONSIBILITY FOR DISCLOSURE OF INFORMATION RELATED TO THE PERSONAL DATA OF THE EMPLOYEE

10.1. Persons guilty of violating the rules governing the receipt, processing and protection of personal data of an employee shall bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.

Personal data in labor law

The concept of personal data (hereinafter - PD) is enshrined in Art. 3 of the Law “On Personal Data” No. 152-FZ of July 27, 2006 (hereinafter referred to as Law 152-FZ), which was adopted in connection with the ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (concluded in Strasbourg on January 28, 1981 and ratified by the Russian Federation on November 7, 2001).

According to this rule, personal data is any information that directly or indirectly relates to an individual. An individual to whom the requirements of Law 152-FZ apply is recognized as the subject of personal data.

In the Labor Code, chapter 14 is devoted to the personal data of an employee and their protection, which regulates the storage, use and transfer to third parties of the personal data of employees of an organization, the requirements for these actions, as well as the responsibility of the employer for violation of the legislation governing this area.

Data processing by the employer

The processing of personal data of employees should be carried out in accordance with the following basic rules established by Art. 86 of the Labor Code of the Russian Federation:

  • processing can only be carried out in the interests of employees or in connection with their employment;
  • PD can be obtained by the organization only from its employee or on the basis of his written consent from a third party;
  • the financial source of the organization of the protection of the data in question is the employer's funds;
  • the employee is not allowed to waive his rights to the protection of PD; a waiver in any form cannot be considered valid;
  • measures to protect personal data are a matter of joint activity of the employee and the employer.


Regulation on the processing and protection of personal data of employees: content and sample

The obligation of the enterprise to have an approved regulation on the personal data of employees follows from Art. 87 of the Labor Code of the Russian Federation. According to this rule, the regulation is developed and approved by the employer independently. However, it must meet the requirements of the Labor Code and other legal acts in the field of PD protection and regulate the issues of their storage and use.

The law does not establish the structure of the document, but practice has developed the main sections that it is desirable to indicate in the regulation.

These include:

  1. An introductory part reflecting the grounds for the adoption of the local act. It also lists the norms of legislation governing the processing of PD and defines the main concepts used in the Regulation (these can be taken from Article 3 of Law 152-FZ).
  2. List of information constituting the PD of the company's employees.
  3. The list of documents processed by the organization that contain such information.
  4. Data processing rules.
  5. The procedure for obtaining access to the PD of certain persons.
  6. Measures aimed at protecting the processed data.
  7. Rights and obligations of the parties to legal relations in the field of work with PD.
  8. Responsibility of the organization for violations in the field of safeguarding and protection of personal data.

Employees must be familiarized with the regulation on the protection of personal data of employees against signature.

Acceptance procedure

The regulation on the processing of personal data of employees is a local act of the organization; therefore, the procedure for its development and approval is subject to the general requirements of Art. 8 of the Labor Code of the Russian Federation, as well as the internal rules of office work.

As a rule, this document is developed by the personnel department or the employee responsible for personnel matters at the enterprise. It is approved by order of the head or another person authorized by the employer to issue local acts in the field of processing and protecting personal data (for example, the supervising deputy head).

The regulation is signed by the head of the organization. The regulation is assigned a serial number, and the date of publication is put on it, as well as the seal (if any).

Employer's responsibility

For violation of statutory requirements in the field of PD protection, Art. 90 of the Labor Code of the Russian Federation provides for different kinds of liability:

  • material - in case of causing material damage by violations in the handling of personal data (Articles 232, 233 of the Labor Code of the Russian Federation);
  • disciplinary - the violator can be subjected, by an act of the head, to disciplinary action such as a remark, reprimand or dismissal, on the basis of Art. 192 of the Labor Code of the Russian Federation;
  • civil liability - for example, compensation for damages under Art. 15 of the Civil Code of the Russian Federation, compensation for non-pecuniary damage under Art. 151 of the Civil Code of the Russian Federation;
  • responsibility of an administrative nature, provided for by Art. 13.11 of the Code of Administrative Offenses of the Russian Federation;
  • criminal liability - for violations that entailed serious or grave consequences (for example, public dissemination of private data), according to Art. 137 of the Criminal Code of the Russian Federation.

***

Let's summarize:

  • the concept of PD includes any information related to a particular employee;
  • data processing is carried out in accordance with Art. 86 of the Labor Code of the Russian Federation and the requirements of the internal Regulations of the organization;
  • the content of the Regulation is not established at the legislative level, but by virtue of the law it should regulate the procedure for storing and using PD;
  • The Regulation is a local (internal) document, therefore it is adopted according to the general rules for the adoption of such acts in an organization (Article 8 of the Labor Code of the Russian Federation);
  • for violation of the rules for processing and distributing PD, the violator bears various types of liability (from disciplinary to criminal).