Regulations on the storage of personal data. Regulations on personal data of employees of the organization

APPROVED: Nemov ---------------------- Director of OJSC "Begemot" Nemov R.I. Rostov-on-Don, October 01, 2008

Regulations on personal data

1. General Provisions

1.1. These Regulations establish the procedure for receiving, recording, processing, accumulating and storing documents containing information related to the personal data of the company’s employees.

1.2. The purpose of this Regulation is to protect the personal data of company employees from unauthorized access and disclosure. Personal data is always confidential, strictly protected information.

1.3. The basis for the development of these Regulations is: the Constitution of the Russian Federation, Ch. 14 of the Labor Code of the Russian Federation, the Federal Law dated July 27, 2006 N 152-FZ “On Personal Data”, and other current regulatory legal acts of the Russian Federation.

1.4. These Regulations and amendments to them are approved by the Director of the company and are introduced by order of the enterprise. All employees of the enterprise must be familiarized with these Regulations and amendments to them, against receipt.

1.5. The positions responsible for collecting personal data are HR department employees.

1.6. The positions responsible for the processing of personal data are HR department employees, accounting employees, and the secretary.

2. Concept of personal data

2.1. Personal data is information relating to a specific employee, as well as information about the facts, events and circumstances of the employee’s life, that allows his or her identity to be established and is used by the employer, in particular, to fulfill the requirements of:

Labor legislation upon hiring and conclusion of an employment contract, in the course of labor relations, when providing guarantees and compensation, etc.;

Tax legislation in connection with the calculation and payment of personal income tax, as well as the unified social tax;

Pension legislation in the formation and presentation of personalized data about each recipient of income taken into account when calculating insurance contributions for compulsory pension insurance and security;

Filling out primary statistical documentation in accordance with Resolution of the State Statistics Committee of Russia dated 01/05/2004 N 1 “On approval of unified forms of primary accounting documentation for labor accounting and its payment.”

2.2. Personal data is strictly confidential and any persons who gain access to it are required to keep this data confidential, with the exception of data falling into the following categories:

Anonymized personal data - data for which it is impossible to determine whether it belongs to a specific individual;

Publicly available personal data.

2.3. The confidentiality regime of personal data is lifted in cases of depersonalization or upon expiration of the appropriate storage period.

3. Personal data carriers

3.1. Paper media of personal data:

Employment history;

Work record books;

Business trip log;

Certificates of incapacity for work;

Materials on working time recording;

Personal card T-2;

Incoming and outgoing correspondence from the military registration and enlistment office, insurance company, bailiff service;

Orders for personnel.

3.2. Electronic media of personal data - a database for recording enterprise employees.

3.3. Personal data on paper is stored in a safe.

3.4. When recruiting specialists, documents handled by the HR department may be on desktops or in special folders only during the working day. At the end of the working day, these documents must be put away in locked cabinets.

3.5. Documents of applicants who were not hired are stapled by month and by specialist profile and stored in locked cabinets for 6 months; after that the documents are subject to destruction.

3.6. Personal data on electronic media is protected by an access password; access to the specialized program is provided only through a personal access password, and only employees responsible for processing personal data have the right to use personal data.

4. Employee’s personal file

4.1. The employee’s personal file is drawn up after the hiring order is issued.

4.2. All documents received in a personal file are arranged in chronological order. Sheets of documents filed in a personal file are numbered.

4.3. The personal file is maintained throughout the employee’s employment. Changes made to a personal file must be confirmed by relevant documents.

4.4. List of documents contained in the employee’s personal file upon hiring:

The applicant's questionnaire, resume, references and recommendations presented by the employee when the decision on concluding an employment contract is made (the applicant's questionnaire is a list of questions about the employee's personal data);

Copy of the passport;

A copy of the TIN assignment certificate;

A copy of the pension insurance certificate;

A copy of the military ID (for those liable for military service);

A copy of education documents (including additional education, if the employee presents them when applying for a job or this is required when performing certain job functions);

A copy of the driver’s license and documents for the car, if required in connection with the employee’s job function;

Medical certificate confirming completion of a medical examination;

Personal card T-2;

Employment contract;

Documents on completion of training, probationary period;

Documents on the composition of the employee’s family, necessary to provide him with guarantees related to the fulfillment of family responsibilities;

Other personal accounting documents related to the employee’s personal data.

4.5. List of possible documents contained in the employee’s personal file during further work at the Agency:

Additional agreements;

Documents on advanced training (written certifications, diplomas, certificates, etc.);

Documents on the health status of children and other close relatives, when the availability of such documents is associated with the provision of any guarantees and compensation to the employee;

Documents confirming the right to additional guarantees and compensation on certain grounds provided for by law;

Documents about the employee’s pregnancy and the age of the children to provide the mother (father, other relatives) with the working conditions, guarantees and compensation established by law;

Other personal accounting documents related to changes in the employee’s personal data.

5. Access to employee personal data

5.1. Internal access (access within the organization):

Enterprise management;

HR department employees;

Heads of structural divisions in their area of activity (access to personal data only of employees of their division);

When transferring from one structural unit to another, the head of the new unit may have access to the employee’s personal data;

Accounting employees - to the data that is necessary to perform specific functions;

The employee himself, the data carrier.

5.2. External access. Mass consumers of personal data outside the organization - state and non-state functional structures:

Tax inspectorates;

Law enforcement agencies;

Statistical authorities;

Insurance agencies;

Military registration and enlistment offices;

Social insurance authorities;

Pension funds;

Divisions of municipal government bodies.

5.3. Other organizations. Information about a working employee or one who has already been dismissed can be provided to another organization only with a written request on the organization’s letterhead with a copy of the employee’s application attached.

5.4. Relatives and family members:

Personal data of an employee can be provided to relatives or members of his family only with the written permission of the employee;

In case of divorce, the ex-spouse has the right to contact the organization with a written request about the amount of the employee’s wages without his consent (Labor Code of the Russian Federation).

6. Collection and processing of personal data of employees

6.1. The employee is obliged to provide the employer with a set of reliable documented personal data, the list of which is established by this Regulation.

6.2. In a timely manner, within a reasonable period of time not exceeding 5 working days, the employee is obliged to personally or through his legal representative inform the employee responsible for collecting information about changes in his personal data or submit the relevant documents.

6.3. An employee's submission of false documents or false information when applying for a job is grounds for termination of the employment contract.

6.4. The employee responsible for collecting information, when receiving personal data or receiving changed personal data of an employee, must:

Check the accuracy of the information by comparing the data provided by the employee with the documents available to the employee;

Make copies of the submitted documents;

File them in the employee’s personal file;

Make appropriate changes to personnel documents;

If necessary, prepare and sign the relevant documents to reflect the relevant changes;

Inform the employees responsible for processing personal data about changes in this data.

6.5. If the employee’s personal data can only be obtained from a third party, then the HR department employee:

Notifies the employee no later than 5 working days before the date of the request to obtain data from a third party, informing the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be received and the consequences of the employee’s refusal to give written consent to receive it;

Receives written consent from the employee;

Upon receipt of consent, makes a request and receives the necessary data.

6.6. If illegal actions with an employee’s personal data are detected:

The employee or his legal representative or the authorized body for the protection of the rights of personal data subjects applies to the Director of the company with an application;

The director issues an order to block personal data relating to the relevant employee from the moment of such an application or receipt of such a request for the period of verification, and appoints a person responsible for conducting an internal investigation;

If during an internal investigation it was confirmed that false personal data was used, then the employee responsible for obtaining personal data is obliged to clarify the personal data, make appropriate changes and amendments to the documents and remove their blocking;

If during an internal investigation a fact of illegal actions with personal data is revealed, then the employee who is responsible for data processing and who committed such actions is obliged to eliminate the violations within a period not exceeding three working days from the date of such discovery. If it is impossible to eliminate the violations committed, this employee, within a period not exceeding three working days from the date of such detection, is obliged to destroy the personal data. The employee responsible for collecting personal data must notify the employee or his legal representative about the elimination of violations or the destruction of personal data, and if the appeal or request was sent by the authorized body for the protection of the rights of personal data subjects, also the specified body.

7. Transfer of employee personal data

7.1. When transferring an employee’s personal data, specialists responsible for receiving and processing personal data must comply with the following requirements:

Do not disclose the employee’s personal data to a third party without the employee’s written consent, except in cases where this is necessary in order to prevent a threat to the life and health of the employee, as well as in cases established by federal law;

Do not disclose the employee’s personal data for commercial purposes without his written consent;

Warn persons receiving the employee's personal data that this data can only be used for the purposes for which it was communicated, and require these persons to confirm that this rule is observed. Persons receiving employee personal data are required to maintain confidentiality.

8. Responsibility for disclosure of information related to the employee’s personal data

8.1. Persons guilty of violating the rules governing the receipt, processing and protection of employee personal data bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.




When hiring, in addition to the contract, a clause on the protection of the employee’s personal data should also be signed. The list of responsibilities of the organization’s management should include rules on the protection of personal data of specialists. The company's management must take care of the protection of information in order to avoid its loss. Let's consider the main features of the protection regulations and identify the most important points to be recorded.

At each enterprise, due to the specifics of its activity, the Regulations on the protection of employee personal data will be different. However, the general terms and wording will remain unchanged. Personal data of an individual is information that only the person himself has the right to dispose of. No one has the right to obtain information about an employee of an enterprise without authorized access. Leakage of confidential information may result in civil, administrative and criminal liability.

Mandatory clauses of the regulation on the protection of personal data of employees:
  • Management approvals in the upper right corner, dated and stamped;
  • Title of the regulation;
  • General terms, goals, concepts, duration of regulation;
  • Principles, rights and obligations, responsibility in case of violation of the rules of conduct;
  • Closing points, signatures notifying stakeholders and HR;
  • Other paragraphs may also be included in the regulation. This kind of document is drawn up in free form, but a certain minimum of security provisions must still be specified.

The fundamental basis of the document is the norms of the supreme law of the state - the Constitution of the Russian Federation, other legislative acts and codes. Such information is confidential. During employment, the head of the institution, in connection with the conclusion of a contract, has to receive personal data of employees and take measures to protect them. In this regard, information that has become known must be protected from unauthorized receipt by third parties. Leakage of personal data of employees may result in civil, administrative and criminal liability.

1. General concepts: personal data of the employee, processing and use of personal data of the employee.
2. Fundamental principles for the protection of employee personal data.
3. General requirements when processing employee personal data.
4. Storage and use of employee personal data.
5. Transfer of employee personal data.
6. Rights of employees regarding the protection of personal data.
7. Liability for violation of the rules governing the processing and protection of employee personal data.

1. General concepts

1.1. Employee personal data (EPD) is information required by the employer in connection with labor relations and relating to a specific employee. EPD is classified as confidential information.
1.2. Processing of an employee’s personal data – receiving, storing, combining, transferring or any other use of personal data.

2. Fundamental principles of EPD protection

2.1. Personal responsibility of employees for the safety and confidentiality of information about the work of the HR Department (Department) and personal data, as well as the carriers of this information.
2.2. Division (fragmentation) of knowledge of personal data between different employees of the Department. It is not allowed for one employee to get acquainted with all documents and materials of the Department.
2.3. Availability of a clear permit system for employees of the Department to access documents, files and databases.
2.4. Conducting regular checks of the availability of traditional and electronic documents, files and databases among employees of the Department and personnel documents in the divisions of the Company.

3. General requirements for processing EPD

In order to ensure the rights and freedoms of man and citizen, the employer and his representatives, when processing EPD, are obliged to comply with the following requirements:

3.1. Processing of EPD can be carried out solely for the purpose of ensuring compliance with laws and other regulations, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property.
3.2. When determining the volume and content of the EPD to be processed, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.
3.3. All EPD should be obtained from the employee himself. If EPD can only be obtained from a third party, then the employee must be notified in advance and written consent must be obtained from him. The employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the employee’s refusal to give written consent to receive it.
3.4. The employer does not have the right to receive and process EPD concerning the employee’s political, religious and other beliefs and private life. In cases directly related to issues of labor relations, in accordance with Article 24 of the Constitution of the Russian Federation, the employer has the right to receive and process data about the private life of an employee only with his written consent.
3.5. The employer does not have the right to receive and process EPD concerning the employee’s membership in public associations or his trade union activities, except as provided by federal law.
3.6. Personal data cannot be used to cause property and/or moral harm to citizens, or to impede the exercise of the rights and freedoms of citizens of the Russian Federation.
3.7. When making decisions affecting the interests of an employee, the employer does not have the right to rely on EPD obtained solely as a result of automated processing or electronic receipt.
3.8. Protection of EPD from unlawful use or loss must be ensured by the employer at his expense in the manner prescribed by federal law.
3.9. Employees and their representatives must be familiarized, against receipt, with the organization’s documents establishing the procedure for processing EPD, as well as their rights and obligations in this area.
3.10. Employees must not waive their rights to preserve and protect confidentiality.
3.11. Employers, employees and their representatives must work together to develop measures to protect EPD.

4. Storage and use of employee personal data.

To ensure the storage of EPD, the following steps must be taken:

4.1. Issuance of an order or instruction assigning to employees of the Department the specific sets of documents they need to provide information support for the functions specified in their job descriptions, and approving the scheme for access of employees of the Department, the management staff of the Company and structural divisions to the documents of the Department. It establishes who may request information from the Department, when, what information and for what purpose; the organization of receiving visitors; and the procedure for further storage of information with which work has been completed: where this information will be stored and who is responsible for its safety and confidentiality.
The functioning of the Department must be subordinated, inter alia, to solving the problems of ensuring the safety of EPD and its protection:
4.4. During reception hours, employees of the Department should not perform functions not related to reception, or conduct official or personal conversations by telephone. There should not be any documents on the desk of the receptionist other than those that relate to the visitor.

4.5. It is not allowed to answer questions related to the transfer of EPD by telephone. Responses to written requests from other institutions and organizations are given in writing on the Company's letterhead and only to the extent that avoids disclosing an excessive volume of EPD.

4.6. When issuing a certificate of employment, it is necessary to verify the identity of the employee to whom this certificate is issued. It is not allowed to issue it to relatives or co-workers of the person who requires the certificate (except in cases of providing a notarized power of attorney). For receipt of a certificate, the Company employee signs in the certificate issuance journal.
4.7. In the Department, files, file cabinets, accounting journals and accounting books are stored during working and non-working hours in metal locked cabinets. Employees are not allowed to leave any documents on their desks or leave cabinets unlocked when leaving the premises.

4.8. On the employee’s desktop there should always be only the set of documents and registration cards with which he is currently working. Other documents, files, cards and journals must be kept in a locked cabinet. Documents being processed are not allowed to be stored loose. They should be placed in folders that indicate the type of actions performed with them (filing in personal files, for sending, etc.).
4.9. At the end of the working day, all documents, cases, sheets of paper and notebooks with work notes, instructions and reference materials must be stored in metal cabinets and safes. There should not be a single piece of paper left on the desktop. Drafts and editions of documents, damaged forms, sheets with official notes are destroyed at the end of the working day in a special paper-cutting machine.

4.10. Arming and disarming of the Department's premises is carried out by the Department's employees.
4.11. Cleaning of premises is permitted only in the presence of Department employees.

Garbage removed from premises must be burned.
Storage of EPD:
4.12. Materials related to questionnaires, testing, and interviews with candidates for positions are marked “Strictly Confidential.” Materials with testing results of working employees, materials of their certifications, are also classified as strictly confidential.
4.13. The personal file must have an inventory of the documents included in the file. The case sheets are numbered during the process of forming the case.
4.14. All new entries in addition to the personal personnel record sheet and accounting forms are certified by the signature of the Department employees.
4.15. If a document is removed from a personal file, an entry is made in the file inventory indicating the basis for such an action and the new location of the document. A copy is made of the document being removed and filed in place of the removed document. The mark in the inventory and the copy are certified by the signature of an employee of the Department. Replacement of documents in a personal file by anyone is prohibited. New, corrected documents are placed together with previously filed ones.
4.16. Personal files can be issued to the workplaces of the Director of the Company, the head of the Department and the HR inspector. Transferring personal files to managers through a secretary is not allowed. Other managers of the Company can get acquainted with the personal files of employees subordinate to them in the premises of the Department under the supervision of an employee responsible for the safety and management of personal files. An employee of the Company has the right to get acquainted only with his personal file and work book, registration cards reflecting his personal data.
4.17. When the file is returned, the safety of the documents is carefully checked, as is the absence of damage, of other documents inserted into the file, or of substituted documents. The file is reviewed in the presence of the director.
4.18. Work records are always kept separately from personal files in a locked safe.
4.19. Work with the reference and information data bank on the Company’s personnel (card files, journals and personal accounting books of employees) is also subject to strict control.

4.20. Documents outside the Department may be marked “Confidential” or “For Official Use.” The Department must retain copies of all reporting and reference documents.
4.21. In the structural divisions of the Company there may be the following documents containing EPD: a timesheet journal indicating the positions, surnames, and initials of employees (kept by the employee maintaining the timesheet, the timekeeper), the staffing table (staff form) of the unit, which may additionally indicate which employee occupies a particular position and which positions are vacant (kept by the head of the unit), and a file with extracts from personnel orders relating to the unit. The head of the department may have a list of employees indicating the basic biographical information of each of them (year of birth, education, place of residence, home phone number, etc.). All listed documents should be stored in the appropriate files included in the list of files classified as restricted access.

5. Transfer of EPD

When transferring EPD, the employer must comply with the following requirements:

5.1. Do not disclose EPD to a third party without the written consent of the employee, except in cases where this is necessary in order to prevent a threat to the life and health of the employee, as well as in cases established by federal law.
5.2. Do not communicate EPD for commercial purposes without the employee’s written consent.
5.3. Warn persons receiving EPD that this data can only be used for the purposes for which it was communicated, and require those persons to confirm that this rule is observed. Persons receiving EPD are required to observe a regime of secrecy (confidentiality).
5.4. Carry out the transfer of EPD within the Company in accordance with local regulations, with which the employee must be familiarized against signature.
5.5. Reporting and reference information transmitted to managers must be documented in the form of summaries, certificates, etc. Oral communication of information, as a rule, should not be used, except for cases when a single item of information is requested (date of birth of the employee, which university he graduated from, etc.).
5.6. Do not request information about the employee’s health status, with the exception of information that relates to the issue of the employee’s ability to perform a job function.

6. Rights of employees regarding the protection of personal data

In order to ensure the protection of EPD kept by the employer, employees have the right to:

6.1. Full information about their EPD and the processing of this data.
6.2. Free access, at no charge, to their personal data, including the right to receive copies of any record containing EPD, except as otherwise provided by federal law.
6.3. Determining their representatives to protect their personal data.
6.4. Requirement to exclude or correct incorrect or incomplete EPD, as well as data processed in violation of the Labor Code of the Russian Federation. If the employer refuses to exclude or correct the EPD, the employee has the right to declare in writing to the employer his disagreement with the appropriate justification for such disagreement. The employee has the right to supplement EPD of an evaluative nature with a statement expressing his own point of view.
6.5. The requirement that the employer notify all persons who were previously informed of incorrect or incomplete EPD of all exceptions, corrections or additions made to it.
6.6. Appeal to the court against any unlawful actions or inaction of the employer in the processing and protection of his personal data.

7. Liability for violation of rules governing processing and protection of employee personal data

7.1. Persons guilty of violating the rules governing the receipt, processing and protection of EPD bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.

HR inspector

AGREED:

Legal Advisor (______________________)