Roskomnadzor has given recommendations on how a company should draw up its internal regulations that determine its policy, as an operator, on the processing of personal data.
It is recommended that the following structural components be included in the document:
– the purposes for which personal data is processed;
– the legal grounds on which personal data is processed;
– the scope and categories of personal data to be processed, and the categories of personal data subjects;
– the procedure and conditions for processing personal data;
– provisions concerning the updating, correction, deletion and destruction of personal data, and responses to requests from subjects to access their personal data.
Acsour’s legal department will help you to properly draft your internal regulations relating to the processing of personal data.