How to ensure compliance with 152FZ?

M

Multigame2015-04-01 15:14:14

Law in IT

Multigame, 2015-04-01 15:14:14

Good afternoon.
We organize paid mailings to physical addresses.
The user enters the site, clicks the "pay" button, gets to the Yandex.money site. There he fills in the delivery address, full name and makes payment. Further, Yandex sends us the completed payments and the data of "subscribers" through its api. We enter them into the database and monthly make a request to cvs addresses and full names for envelopes. The number of subscribers in the near future will not exceed 1000 people.
Question
1) Do I need to obtain a license from regulators?
2) How is it necessary to ensure the procedure for storing and processing PD in order to satisfy 152-FZ?
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrew, 2015-04-01
@OLS

1) You are a personal data operator - submit a Notice to RosKomNadzor.
2) You must have confirmation that the user has consented to the types of data processing that you perform.
3) The security subsystem can be developed by you on the basis of FSTEC Order No. 21 (if you are a commercial structure), or ordered from any FSTEC licensee on a turnkey basis
-----
FSTEC license for your organization personally is not needed, because . You do not provide personal data protection services to other persons.

A

Anton Dyachuk, 2015-04-01
@Renius

Firstly, notification is sufficient for such quantities
. Secondly, the full name and address do not allow identifying a person.
To calm your conscience, it is enough to notify the regulator .

S

ShamblerR, 2015-04-01
@ShamblerR

let's give out ID data, not Vasya Pukkin, but ID 1123412, in fact, this is no longer personal data.