Answer the question
In order to leave comments, you need to log in
How to ensure compliance with 152FZ?
Good afternoon.
We organize paid mailings to physical addresses.
The user enters the site, clicks the "pay" button, gets to the Yandex.money site. There he fills in the delivery address, full name and makes payment. Further, Yandex sends us the completed payments and the data of "subscribers" through its api. We enter them into the database and monthly make a request to cvs addresses and full names for envelopes. The number of subscribers in the near future will not exceed 1000 people.
Question
1) Do I need to obtain a license from regulators?
2) How is it necessary to ensure the procedure for storing and processing PD in order to satisfy 152-FZ?
Thank you!
Answer the question
In order to leave comments, you need to log in
1) You are a personal data operator - submit a Notice to RosKomNadzor.
2) You must have confirmation that the user has consented to the types of data processing that you perform.
3) The security subsystem can be developed by you on the basis of FSTEC Order No. 21 (if you are a commercial structure), or ordered from any FSTEC licensee on a turnkey basis
-----
FSTEC license for your organization personally is not needed, because . You do not provide personal data protection services to other persons.
Firstly, notification is sufficient for such quantities
. Secondly, the full name and address do not allow identifying a person.
To calm your conscience, it is enough to notify the regulator .
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question