Advanced Search

On Personal Data

Original Language Title: О персональных данных

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
RUSSIAN FEDERATION FEDERAL LAW On Personal Data Adopted by the State Duma on July 8, 2006 Approved by the Federation Council on July 14, 2006 class="ed">(In the version of federal laws 25.11.2009) N 266-FZ; of 27.12.2009 N 363-FZ; dated 28.06.2010 N 123-FZ; dated 27.07.2010. N 204-FZ; dated 27.07.2010. N 227-FZ; dated 29.11.2010 " N 313-FZ; of 23.12.2010 N 359-FZ; of 04.06.2011 N 123-FZ; of 25 July 2011 N 261-FZ; of 05.04.2013 N 43-FZ; of 23.07.2013 N 205-FZ; of 21 December 2013 N 363-FZ; dated 04.06.2014 N 142-FZ; dated 21.07.2014 N 216-FZ; dated 21.07.2014. N 242-FZ Chapter 1. General provisions Article 1. Scope of this Federal Law 1. The Federal Law regulates relations relating to the processing of personal data carried out by federal bodies of state power, state authorities of the constituent entities of the Russian Federation and other state bodies. (hereinafter referred to as the State authorities), local authorities, other municipal authorities (hereinafter referred to as municipal authorities), legal entities and individuals using means of automation, including Information and telecommunications networks, or without such means, if The processing of personal data without the use of such funds corresponds to the nature of the actions (operations) carried out with personal data using automation means, that is, allows to execute according to the specified algorithm Search for personal data recorded on physical media and contained in files or other organized collections of personal data, and (or) access to such personal data. (In the wording of the Federal Law of 25.07.2011) N261-FZ 2. This Federal Act does not apply to the relationships that arise under: 1) personal data processing by individuals solely for personal and family needs, unless the rights of the entities are violated Personal data; (2) organization of storing, recruiting, recording and using personal data documents of the Archives Fund of the Russian Federation and other archival documents in accordance with archival legislation of the Russian Federation; 3) (Spil-off- Federal Law of 25.07.2011 N 261-FZ ) 4) processing personal data classified in the prescribed manner to state secret; 5) by authorized bodies Information on the activities of the courts in the Russian Federation pursuant to Federal Act No. 262-FZ of 22 December 2008 on access to information on the activities of the courts in the Russian Federation. The paragraph is supplemented by the Federal Law of 28 June 2010. N 123-FZ) Article 2. Purpose of this Federal Law The purpose of this Federal Law is to ensure the protection of human and civil rights and freedoms while processing personal data, including protection The right to privacy, personal and family privacy. Article 3: The basic concepts used in this Federal Law This Federal Law uses the following basic concepts: 1) personal data-any information, relevant to an individual or entity (subject to personal data); (2) the operator is a public authority, a municipal authority, a legal entity or a natural person, independently or jointly with other persons who organize and (or) carry out processing personal data, as well as the defining goals of personal data processing, the composition of personal data to be processed, actions (operations) committed with personal data; 3) processing of personal data-any action (transaction) or a combination of actions (operations) committed using or without automation of personal data, including collection, recording, systematization, accumulation, storage, refinement (update, modification), retrieval, use, transfer (distribution, provision, access), Disclosure, blockage, removal, destruction of personal data; 4) automated processing of personal data-processing of personal data using computer hardware; 5) distribution personal data-actions designed to reveal personal data to an unspecified number of persons; 6) personal data-actions designed to reveal personal data to a particular person or to a certain person 7) personal data blocking is temporary termination of personal data processing (except in cases where processing is necessary for the clarification of personal data); 8) destruction of personal data-actions that make it impossible to restore content of personal data in the information system of personal data and (or) which result in the destruction of personal data carriers; 9) personal data decimation-actions that result in without using additional information to determine personal data belonging to a particular subject of personal data; 10) personal data information system-the collection of personal data contained in the databases technology and technology; 11) cross-border transmission of personal data-transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign natural person or to a foreign national legal person. (Article in The wording of the Federal Law of 25.07.2011. N 261-FZ) Article 4. Russian legislation in the area of personal data 1. The legislation of the Russian Federation in the field of personal data is based on the Constitution of the Russian Federation and international treaties of the Russian Federation and consists of this Federal Act and other defining cases and features. Processing of personal data of federal laws. 2. On the basis of and pursuant to federal laws, State bodies, the Bank of Russia and local authorities may, within the limits of their powers, take normative legal acts, regulations and legal acts (hereinafter-normative legal acts). Acts) on selected issues relating to the processing of personal data. Such acts may not contain provisions restricting the rights of personal data subjects, which impose federal restrictions on the activities of operators or which impose restrictions on operators not provided for in federal regulations. The law shall be published and shall be officially published. (In the wording of the Federal Law of 25.07.2011) N261-FZ 3. The peculiarities of processing personal data carried out without the use of automation equipment may be established by federal laws and other regulatory legal acts of the Russian Federation, taking into account the provisions of this Federal Law. 4. If an international treaty to which the Russian Federation is a party establishes rules other than those provided for by this Federal Act, the rules of the international treaty shall apply. Chapter 2: Personal Data Processing Principles and Conditions Article 5. The principles of personal data processing 1. Personal data processing should be conducted in a legal and equitable manner. 2. Personal data processing should be limited to specific, predetermined and legitimate objectives. Personal data processing incompatible with personal data collection is not permitted. 3. It is not permitted to combine databases containing personal data that are being processed for purposes incompatible with each other. 4. Only personal data that meets the purpose of processing is eligible for processing. 5. The content and volume of personal data processed shall be consistent with the stated objectives of the processing. The personal data to be processed should not be excessive in relation to the stated objectives of their processing. 6. The processing of personal data should ensure the accuracy of personal data, their adequacy and, where necessary, relevance to the purpose of personal data processing. The operator must take the necessary measures or ensure that they are taken to remove or clarify incomplete or inaccurate data. 7. Personal data storage should be stored in a form that allows the identification of a personal data subject, no longer than the purpose of personal data processing, if the period of data storage is not established by federal law, A contract to which the beneficiary is the beneficiary of the personal data. Personal data to be processed shall be destroyed or defoliated for the purpose of processing or in the event of loss of the need to achieve these objectives, unless otherwise provided by the federal law. (Article in the wording of Federal Law No. N261-FZ) Article 6. The conditions for processing personal data 1. The processing of personal data shall be carried out in accordance with the principles and rules set out in this Federal Act. Personal data processing is allowed in the following cases: 1) personal data processing is performed with the consent of the personal data subject to the processing of his personal data; 2) processing personal data In order to achieve the objectives set out in the international treaty of the Russian Federation or the law, to carry out and execute the functions, powers and duties assigned by the Russian Federation's legislation; 3) personal data processing required for implementation of justice, the execution of a court act, an act of another body or an official to be executed in accordance with the laws of the Russian Federation on enforcement proceedings (hereinafter referred to as the execution of the court act); 4) It is necessary to fulfill the powers of the federal executive authorities, bodies of state extrabudgetary funds, executive bodies of the constituent entities of the Russian Federation, local self-government bodies. and functions of the organizations participating in the State and municipal services, respectively, provided by the Federal Act of 27 July 2010 No. 210-FZ "On the organization of the provision of public and municipal services", including the registration of a personal data subject in a single Portal of state and municipal services and (or) regional portals of state and municipal services; (In the wording of the Federal Law 05.04.2013 N 43-FZ) 5) Processing of personal data is necessary for the performance of a contract to which the beneficiary or sponsor of the contract is a subject of personal data, including in the case of the operator's implementation their right to assign rights (requirements) under such a treaty, as well as to conclude a contract on the initiative of the subject of personal data or contract, on which the subject of personal data will be the beneficiary or sponsor; Federal Act dated 21.12.2013. N 363-FZ) 6) Personal data processing is necessary to protect the life, health or other vital interests of a personal data subject if the consent of the personal data subject is not possible; 7) The processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties or for the achievement of public purposes, provided that the rights and freedoms of the personal data subject are not violated; 8) Processing of personal data is necessary for the implementation of professional The activities of a journalist and (or) lawful activities of the media, or scientific, literary or other creative activity, provided that the rights and legitimate interests of the personal data subject are not violated; 9) Processing of personal data is carried out for statistical or other research purposes, except for the purposes set out in Article 15 of this Federal Law, provided that personal data is made impersonal; 10) personal data processing, unrestricted access of persons to whom personal data is provided, or upon request (hereinafter referred to as personal data made by the public subject of personal data); 11) personal data to be processed shall be processed Publication or mandatory disclosure under federal law. 2. Articles 10 and 11 of this Federal Law establish special categories of personal data as well as biometric personal data. 3. The operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by the federal law, on the basis of a contract concluded with that person, including state or municipal law the contract or by a State or municipal authority for the act (hereinafter referred to as the operator). The person performing the processing of personal data on behalf of the operator is obliged to observe the principles and rules of processing of personal data provided for by this Federal Law. The operator's instructions must define a list of actions (operations) with personal data to be carried out by the person performing the processing of personal data and the purpose of processing must be established the obligation of such person to comply with The confidentiality of personal data and the security of personal data in the processing of personal data, as well as requirements for the protection of personal data in accordance with Article 19 of this Federal Law. 4. The person performing the processing of personal data on behalf of the operator is not obliged to obtain the consent of the subject of personal data for processing his personal data. 5. In case the operator assigns the processing of personal data to another person, the operator bears the responsibility to the identity of the person for the actions of the said person. The person performing the processing of personal data on behalf of the operator is liable to the operator. (Article in the wording of Federal Law dated 25.07.2011. N261-FZ) Article 7. Privacy of personal data Operators and other persons who gain access to personal data are obliged not to disclose to third parties or to distribute personal data without the consent of the person's identity data, unless otherwise provided by federal law. (In the wording of the Federal Law of 25.07.2011) N 261-FZ Article 8. Public data sources 1. For information purposes, public sources of personal data (including directories, address books) may be created. The public sources of personal data with the written consent of the personal data subject may include his or her surname, patronymic, year and place of birth, address, subscriber number, profession and other personal data, class="ed"> reported subject of personal data. (In the version of the Federal Law of 25.07.2011 N261-FZ 2. The identity of the must be at any time excluded from publicly available sources of personal data at the request of the subject of personal data, or by a court or other public authority the authorities. (In the wording of the Federal Law of 25.07.2011) N 261-FZ) Article 9. The consent of the personal data subject to handling his personal data 1. The subject of personal data shall decide on the provision of his or her personal data and consent to their processing freely, his will and his/her interest. The consent to the processing of personal data must be specific, informed and conscious. Consent for processing of personal data may be given by the subject of personal data or his representative in any way of confirming his receipt of the form, unless otherwise established by federal law. In the case of consent to the processing of personal data from a representative of a personal data subject, the authority of the representative to give consent on behalf of the subject of personal data is checked by the operator. 2. Acceptance of personal data processing can be revoked by the subject of personal data. In the event that the subject of personal data is revoked, the operator is entitled to continue processing personal data without the consent of the personal data subject, subject to the grounds set out in article 6, part 1, paragraphs 2 to 11, Article 10, part 2, and article 11, paragraph 2, of this Federal Act. 3. Obligation to provide evidence of the consent of the person concerned to the processing of his personal data or evidence of the existence of the grounds referred to in article 6, paragraphs 2 to 11, article 10, paragraph 2, and article 11, paragraph 2, of the present report The Federal Act is the responsibility of the operator. 4. In cases provided for by federal law, the processing of personal data is carried out only with the consent in writing of the subject of personal data. An electronic document signed in accordance with the federal law by electronic signature is accepted in writing by an electronic signature of the subject of personal data consent. The consent in writing of the personal data subject to the processing of his personal data must include, in particular: 1) the surname, first name, patronymic address, address of the subject of personal data, the number of the main document certifying it person, details of the date of issue of the said document and issuing its authority; 2) the name, patronymic, address of the representative of the personal data subject, the number of the main document proving his identity, details of the date of issue specified document and issuer, power of attorney, or inocular a document confirming the credentials of the representative (obtaining the consent of a representative of a personal data subject); 3) the name, surname, patronymic and address of the operator receiving the consent of the person concerned data; 4) purpose of personal data processing; 5) a list of personal data for which the consent of a subject of personal data is given; 6) the name, surname, patronymic and address of the person, the processing of personal data on behalf of the operator, if any processing will be assigned to such person; 7) a list of personal data actions that are agreed, a general description of how the operator will handle personal data; 8), within that is subject to the consent of the personal data subject, as well as the way in which it is revoked, unless otherwise established by federal law; 9) the signature of a personal data subject. 5. Procedure for obtaining in the form of an electronic document the consent of the subject of personal data to the processing of his personal data for the purpose of provision of state and municipal services, as well as services which are necessary and obligatory for The provision of public and municipal services shall be established by the Government of the Russian Federation. 6. In case of incapacity of the subject of personal data, consent to the processing of his personal data is given by the legal representative of the subject of personal data. 7. In the case of the death of the subject of personal data, consent to the processing of his personal data is given to the inheritors of the personal data, if such consent was not given by the subject of personal data in his life. 8. Personal data may be obtained by the operator from a non-personal data subject, provided that the operator provides evidence of the grounds set out in article 6, paragraphs 2 to 11, article 10, paragraph 2, and article 2, paragraph 2 11 of this Federal Law. (Article as amended by Federal Law of 25.07.2011) N 261-FZ) Article 10. Special personal data categories 1. Special categories of personal data relating to race, nationality, political opinions, religious or philosophical beliefs, health status, private life are not permitted, except in cases where as provided for in Part 2 of this Article. 2. The processing of the special categories of personal data referred to in Part 1 of this article is permitted in cases where: 1) the personal data subject consended in writing to the processing of his personal data; 2) personal data is made by the public entity of personal data; (in the edition of the Federal Law of 25.07.2011). N 261-FZ ) 2-1) the processing of personal data is necessary in connection with the implementation of the international treaties of the Russian Federation on readmission; (Paragraph added-Federal law dated 25.11.2009. N 266-FZ) 2-2) Processing of personal data is carried out in accordance with the Federal Act of 25 January 2002 N 8-FZ "On All-Russian Population Census"; (Paragraph added-Federal Law dated 27.07.2010. N 204-FZ) 2-3) Personal data processing is carried out in accordance with the legislation on state social assistance, labor legislation, pension legislation of the Russian Federation; (...) (...) N 261-FZ) (In the wording of the Federal Law of July 21, 2014). N 216-FZ ) 3) Personal data processing is necessary to protect the life, health or other vital interests of the subject of personal data or the life, health or other vital interests of other persons It is impossible to obtain the consent of the subject of personal data; (as amended by the Federal Law of 25.07.2011). N 261 FZ ) 4) personal data processing is carried out for medical and prophylactic purposes, for purposes of medical diagnosis, provision of medical and medical-social services, provided that personal data processing is carried out by a person who is professionally engaged in medical activities and is obliged under the laws of the Russian Federation to maintain medical confidentiality; 5) processing personal data of members of the public or Religious Organization shall be by the relevant public association or religious organization acting in accordance with the laws of the Russian Federation, in order to achieve the legitimate purposes provided for in their constituent documents, provided that personal The data will not be distributed without the consent in writing of the personal data subjects; 6) personal data processing is necessary to establish or implement rights of a personal data subject or third party and in relation to the administration of justice; Federal Law of 25.07.2011 N 261-FZ 7) Personal data processing is carried out in accordance with the Russian Federation's legislation on defence, security, counterterrorism, transport security, and "Anti-corruption, operational and search activities, executive proceedings, criminal enforcement legislation of the Russian Federation; (as amended by the Federal Law dated 25.07.2011. N 261-FZ 7-1) Processing of personal data received in the Russian Federation's legislation is carried out by the procuratorial authorities in connection with their exercise of procuratorial supervision; (The paragraph is amended by the Federal Law of 23.07.2013). N 205-FZ) 8) the processing of personal data is carried out in accordance with the law on compulsory types of insurance, with insurance legislation; (Paragraph addition is the Federal Act of 29.11.2010). N 313-FZ) (Federal Law of 25.07.2011). N 261-FZ ) 9) Personal data processing is carried out in cases stipulated by the legislation of the Russian Federation, state bodies, municipal authorities or organizations for the purposes of the device Children left without parental care in the family of citizens; (Paragraph is amended by the Federal Law of 25.07.2011). N 261-FZ ) 10) the processing of personal data is carried out in accordance with the Russian Federation's legislation on citizenship of the Russian Federation. (The paragraph is supplemented by the Federal Law of 04.06.2014). N 142-FZ) 3. The processing of personal criminal records may be carried out by State bodies or municipal authorities, within the limits of the powers granted to them under the laws of the Russian Federation, as well as by other persons in cases and in the case of Order of the President of the Russian Federation. 4. The processing of special personal data categories, carried out in the cases provided for in Parts 2 and 3 of this Article, shall be terminated immediately if the reasons for the processing of the data have been eliminated, Unless otherwise specified by federal law. (In the wording of Federal Law No. N261-FZ) Article 11. Biometric personal data 1. Information that describes the physiological and biological characteristics of a person on the basis of which he can be identified (biometric personal data) used by the operator to identify the person Personal data may be processed only with the consent in writing of the personal data subject, except as provided for in Part 2 of this Article. 2. The processing of biometric personal data can be carried out without the consent of the subject of personal data in connection with the implementation of the international treaties of the Russian Federation on readmission, in connection with the administration of justice and the execution of judicial acts, and in the cases stipulated by the Russian Federation's legislation on defence, security, counterterrorism, transport security, combating corruption, operational and search activities, and public service, THE RUSSIAN FEDERATION OF THE PRESIDENT OF THE RUSSIAN FEDERATION (...) (...) N 142-FZ) (Article as amended by the Federal Law of 25.07.2011) N261-FZ) Article 12. Cross-border transfer of personal data 1. Cross-border transmission of personal data on the territory of foreign countries that are parties to the Council of Europe Convention on the Protection of Individuals with the Automatic Processing of Personal Data, as well as other foreign States, ensuring adequate protection of the rights of personal data subjects, is carried out in accordance with this Federal Law and may be prohibited or restricted in order to protect the foundations of the constitutional order of the Russian Federation, morality, to the health, rights and legal interests of citizens, to defend the country the security of the State. 2. The Commissioner for the Protection of the Rights of Personal Data approves the list of foreign states not party to the Council of Europe Convention on the Protection of Individuals with respect to the Automated Processing of Personal Data and Support Adequate protection of the rights of personal data subjects. A State which is not a party to the Council of Europe Convention on the Protection of Individuals with respect to Automated Processing of Personal Data may be included in the list of foreign States that provide adequate protection of the rights of the subjects of personal data. In accordance with the provisions of the Convention in accordance with the provisions of the Convention on the Rights of the 3. The operator is obliged to ensure that the foreign State on whose territory the transfer of personal data is carried out ensures adequate protection of the rights of personal data subjects before the start of the cross-border transfer personal data. 4. Cross-border transmission of personal data in the territory of foreign states that do not provide adequate protection of the rights of personal data subjects can be carried out in cases: 1) the existence of consent in the written form of the subject personal data for the transboundary transfer of his personal data; 2) of the Russian Federation's international treaties; 3) provided by federal laws, if necessary for the protection of the foundations OF THE PRESIDENT OF THE RUSSIAN FEDERATION The security of the state, as well as ensuring the safety of the sustainable and safe functioning of the transport complex, the protection of the interests of the individual, society and the state in the sphere of transport complex from acts of unlawful interference; 4) the performance of the contract to which the identity subject is a party; 5) to protect the life, health, other vital interests of the identity or other persons, if it is impossible to obtain consent in writing personal data principal form. (Article in the wording of Federal Law No. N 261-FZ) Article 13. { \cs6\f1\cf6\lang1024 } Personal data { \cs6\f1\cf6\lang1024 } { \field { \field { \field { \field { \field { \field { \field { \field { \ The public authorities and municipalities shall establish, within the limits of their powers, established in accordance with federal laws, State or municipal information systems of personal data. 2. Federal laws may establish the features of personal data recording in State and municipal information systems of personal data, including the use of different ways of marking the identity of personal data, contained in the relevant State or municipal information system of personal data, a particular subject of personal data. 3. Human and citizen's rights and freedoms may not be restricted for reasons connected with the use of different methods of processing personal data or the identity of personal data contained in State or municipal data. personal data information systems, a particular subject of personal data. It is not permitted to use insulting citizens or degrading ways of identifying the identity of personal data contained in State or municipal information systems of personal data, a specific subject of personal data. 4. In order to ensure the realization of the rights of personal data owners in connection with the processing of their personal data in state or municipal information systems of personal data, a state register of the population may be created, legal The status of which the federal law establishes the status and procedure of its work. Chapter 3: Personal data subject rights Article 14. The right of the personal data subject to access to his personal data 1. The subject of personal data shall be entitled to the particulars referred to in Part 7 of this Article, except as provided for in Part 8 of this Article. The subject of personal data is entitled to require the operator to specify his personal data, to block or destroy them in the event that personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take legal measures for the protection of their rights. 2. The particulars referred to in Part 7 of this Article shall be provided to the subject of personal data by the operator in an accessible form and shall not contain personal data relevant to other personal data entities, except If there is a legal basis for the disclosure of such personal data. 3. The particulars referred to in part 7 of this article shall be made available to the subject of personal data or to his or her representative by the operator in connection with the request or when receiving a request from a personal data subject or his representative. The request should contain the number of the principal document identifying the identity of the subject of personal data or its representative, the date of issue of the said document and the issuing authority, information confirming the participation of the person's identity. of the data in relation to the operator (contract number, date of conclusion of the contract, symbol and/or other information), or other evidence confirming the processing of personal data by the operator, the signature of the identity of the person of the data or its representative. The request may be submitted in the form of an electronic document and signed by electronic signature in accordance with the legislation of the Russian Federation. 4. In the event that the particulars referred to in Part 7 of this article and the personal data being processed are made available to the subject of personal data upon request, the subject of personal data shall be entitled to refer again to the operator or to send him a repeated request to obtain the particulars referred to in Part 7 of this Article and to acquaint himself with such personal data not earlier than thirty days after the initial request or initial request, if a shorter period is not established by a federal law enacted in compliance with it by a normative legal act or a contract to which the beneficiary or the beneficiary is a personal data subject. 5. The subject of personal data shall be entitled to apply again to the operator or to submit a repeated request for the purpose of obtaining the particulars referred to in Part 7 of this Article and for the purpose of familiarting with the personal data to be processed before the expiry of the The period specified in paragraph 4 of this article, if such information and/or the personal data being processed has not been made available to it for consultation in full on the results of the examination of the initial appeal. The rerequest, together with the particulars referred to in paragraph 3 of this article, shall contain justification for the rerequest. 6. The operator may deny the subject of personal data in the execution of a repeated request that does not meet the conditions laid down in Parts 4 and 5 of this Article. Such a waiver must be motivated. The operator is responsible for demonstrating the reasonableness of the refusation. 7. The subject of personal data is entitled to receive information regarding the processing of his personal data, including: 1) proof of the operator's personal data processing; 2) the legal basis and the purpose of the personal data processing; 3) the purpose and the operator's methods of processing personal data; 4) the name and location of the operator, the details of the persons (excluding the operators) that have personal data access or personal data can be disclosed data on the basis of a contract with an operator or a federal law; 5) personal data related to the relevant subject of personal data, the source of their receipt, if other order of submission of such data The data are not provided for by federal law; 6) the time frame for processing personal data, including the date of their storage; 7) how the subject of personal data is exercised by the subject of the rights provided for by this Federal Law; 8) information about the intended or alleged Transfrontier data transmission; 9) the name, surname, patronymic and address of the person performing the processing of personal data on behalf of the operator, if the processing is entrusted to or will be assigned to such person; 10) other Information provided by this Federal Act or other federal laws. 8. The right of a person's personal data to access his or her personal data may be restricted in accordance with federal laws, including: 1) processing personal data, including personal data obtained as a result operational and search, counter-intelligence and intelligence activities are carried out for the purposes of defence of the country, security of the state and law enforcement; 2) processing of personal data is carried out by the implementing bodies Detention of a subject of personal data on suspicion of commission (a) Criminal offence (s) or personal data (s) that have been applied to the subject of personal data prior to the filing of the charge, with the exception of the criminal procedure OF THE PRESIDENT OF THE RUSSIAN FEDERATION the legalization (laundering) of proceeds of crime; and The financing of terrorism; 4) the access of a subject of personal data to his personal data violates the rights and legitimate interests of third parties; 5) the processing of personal data is carried out in cases envisaged OF THE PRESIDENT OF THE RUSSIAN FEDERATION illegal interference. Federal Law of 25.07.2011 N 261-FZ) Article 15. The rights of the subjects of personal data in processing their personal data for the purpose of promoting goods, works, services in the market, as well as for purposes of political agitation 1. Personal data processing for the purpose of promoting goods, works and services in the market through direct contacts with potential consumers by means of communication, as well as for the purposes of political campaigning is allowed only The prior consent of the personal data subject. This processing of personal data is recognized as being carried out without the prior consent of the personal data subject, unless the operator proves that such consent has been obtained. 2. The operator shall immediately cease the processing of personal data referred to in Part 1 of this Article at the request of the subject of personal data. Article 16. The rights of the subjects of personal data in the adoption of decisions based solely on automated processing of their personal data 1. It is prohibited to accept, on the basis of purely automated processing of personal data, decisions that produce legal consequences for a subject of personal data or otherwise affecting their rights and legitimate interests, except as provided for in Part 2 of this Article. 2. A decision that gives rise to legal consequences for a subject of personal data or otherwise affecting his or her rights and legitimate interests may be taken on the basis of purely automated processing of his personal data only if there is agreement in the written form of the subject of personal data or in cases provided for by federal laws, also establishing measures to ensure the observance of the rights and legitimate interests of the subject of personal data. 3. The operator is obliged to explain to the subject of personal data the procedure for taking a decision based solely on the automated processing of his personal data and the possible legal consequences of such a decision, to provide an opportunity to say Objections to such a decision, as well as explain how the subject of personal data protection is protected by his or her rights and legitimate interests. 4. The operator is obliged to consider the objection set out in part 3 of this article, within thirty days from the date of its receipt and to notify the subject of personal data of the outcome of the objection. (In the wording of the Federal Law of 25.07.2011) N261 FZ) Article 17. The right to challenge the actions or omissions of the operator 1. If the operator considers that the operator carries out the processing of his personal data in violation of the requirements of this Federal Act or otherwise violates his or her rights and freedoms, the subject of personal data is entitled to appeal The act or omission of the operator to the authorized body for the protection of the rights of the subjects of personal data or in court. 2. The subject of personal data is entitled to the protection of his or her rights and legitimate interests, including compensation for damages and (or) compensation for moral injury in court. Chapter 4: Operator responsibilities Article 18. Operator responsibilities when collecting personal data 1. In the collection of personal data, the operator is obliged to provide the subject of personal data at his request with the information provided for in article 14, paragraph 7, of this Federal Law. 2. If the provision of personal data is mandatory under federal law, the operator is obliged to explain to the subject of personal data the legal consequences of the refusal to provide his personal data. 3. If personal data is not received from a personal data subject, the operator, except in the cases provided for in Part 4 of this Article, is obliged to provide the following personal data to the subject of personal data Information: 1) the name, first name, patronymic and address of the operator or its representative; 2) the purpose of the personal data processing and its legal basis; 3) alleged users of personal data; 4) statutory rights Personal data subject; 5) source of personal data. 4. The operator is relieved from the obligation to provide the subject of personal data with the information provided for in Part 3 of this Article, in cases where: 1) the identity of the personal data is notified of the processing of his or her personal data by the operator; 2) personal data is obtained by the operator on the basis of a federal law or in connection with the performance of a contract to which the beneficiary or the beneficiary is a beneficiary personal data; 3) personal data made by a publicly available identity or obtained from a publicly available source; 4) the operator performs the processing of personal data for statistical or other research purposes The activities of a journalist, or scientific, literary or other creative activity, without violating the rights and legitimate interests of the subject of personal data; 5) providing the subject of personal information provided for Part 3 of this article violates the rights and lawful interests of third parties. 5. The operator is obliged to ensure recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens. OF THE PRESIDENT OF THE RUSSIAN FEDERATION (Part of the addition is the federal law of 21.07.2014. N 242-FZ) N 261-FZ) Article 18-1. Measures to ensure compliance Operator of duties provided by true Federal Law 1. The operator is obliged to take measures necessary and sufficient to ensure that the duties provided for in this Federal Law are fulfilled and adopted in accordance with the law. The operator independently determines the composition and the list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by this Federal Law and adopted by the regulatory legal acts, if not otherwise. is provided for by this Federal Act or by other federal laws. Such measures may include, inter alia: 1) designation by the operator, who is the legal entity responsible for organizing the processing of personal data; 2) by an operator who is a legal entity, Documents defining the operator's policy regarding the processing of personal data, local acts on personal data processing, and local acts establishing procedures to prevent and detect violations OF THE PRESIDENT OF THE RUSSIAN FEDERATION 3) application of legal, organizational and technical measures to ensure the security of personal data in accordance with Article 19 of this Federal Law; 4) implementation of internal control and (or) audit The correspondence of the processing of personal data to this Federal Act and the legal acts adopted under it, the requirements for the protection of personal data, the operator's policy regarding the processing of personal data, and local acts operator; 5) an assessment of the harm that may be caused The subjects of personal data in case of violation of this Federal Law, the ratio of the specified harm and the measures taken by the operator to ensure fulfillment of the obligations stipulated by this Federal Law; 6) familiiating employees of the operator directly with the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents, defining the operator's policies regarding the treatment of personal data, local acts on personal data processing, and (or) training of these employees. 2. The operator is obliged to publish or otherwise provide unrestricted access to the document defining its personal data processing policy, to the details of the requirements for the protection of personal data. The operator, which collects personal data using information and telecommunications networks, is required to publish in the relevant information and telecommunications network a document defining its handling policy Personal data, and information about the requirements for personal data protection being implemented, as well as the possibility of access to the specified document using the appropriate information and telecommunication network. 3. OF THE PRESIDENT OF THE RUSSIAN FEDERATION State or municipal authorities. 4. The operator is required to submit the documents and local acts referred to in Part 1 of this Article and, otherwise, to confirm the measures referred to in Part 1 of this Article at the request of the authorized body for the protection of the rights of the subjects of personal documents. Data. (Article padded-Federal Law of 25.07.2011 N 261-FZ) Article 19. Security measures for personal data when they are processed 1. A personal data processing operator is required to take the necessary legal, organizational and technical measures or to ensure that they are adopted to protect personal data from improper or accidental access, destruction, modification, Blocking, copying, provision, distribution of personal data, and other illegal actions regarding personal data. 2. The security of personal data is achieved, in particular: 1) the definition of threats to the security of personal data in their processing in personal data information systems; 2) by applying organizational and Technical measures to ensure the security of personal data, when processing them in the personal data information systems needed to fulfill the requirements for the protection of personal data, the performance of which is provided by the The Government of the Russian Federation has levels of personal data security; 3) the application of the information security compliance assessment procedure in accordance with the established procedure; 4) assessing the effectiveness of the measures taken to ensure the security of personal data before being put into service Information system of personal data; 5) records of personal data; 6) detecting unauthorized access to personal data and taking measures; 7) recovery of personal data, modified or destroyed as a result of unauthorized access to them; 8) establishing access rules for personal data processed in the personal data information system, as well as ensuring the registration and recording of all personal actions data in the personal data information system; 9) control of the measures taken to ensure the security of personal data and the level of protection of personal data information systems. 3. The Government of the Russian Federation, considering the possible harm to the subject of personal data, the volume and content of personal data processed, the type of activity in which personal data is processed, the relevance of threats Security of personal data sets: 1) personal data security levels when they are processed in personal data information systems, depending on security threats; 2) security requirements for personal data processing in information systems personal data, which provides established levels of personal data security; 3) material requirements for biometric personal data and data storage technologies outside information personal data systems. 4. Composition and content of the security requirements established by the Government of the Russian Federation, in accordance with Part 3 of this Article, for each of the levels of protection, organizational and technical measures The security of personal data is established by the federal executive authority, the federal executive authority and the federal executive authority and the technical authorities information, within the limits of their powers. 5. Federal executive bodies, which carry out functions for the elaboration of state policy and regulatory and legal regulation in the established sphere of activity, bodies of the state authorities of the constituent entities of the Russian Federation, the Bank of Russia, State bodies of extrabudgetary funds, other state bodies, within the limits of their authority, adopt legal acts that identify threats to the security of personal data relevant to the processing of personal data in the Information systems of personal data operated by the Implementation of the relevant activities, taking into account the contents of the personal data, the nature and the manner in which they are processed. 6. In addition to threats to the security of personal data, as defined in the normative legal acts adopted under Part 5 of this article, associations, unions and other operators ' associations may decide additional threats Security of personal data relevant to the processing of personal data in information systems of personal data used in certain activities by members of such associations, unions and other associations of operators, in the context of personal data, the nature and the manner in which they are processing. 7. The draft regulatory legal acts referred to in Part 5 of this article shall be subject to approval by the federal executive authority authorized in the field of security, and by the federal executive authority authorized by Areas of counteraction to technical intelligence and technical protection of information. The draft decisions referred to in Part 6 of this article shall be subject to agreement with the federal executive authority in the field of security and the federal executive authority competent in the field of human rights. to counteract technical intelligence and technical protection, in accordance with the procedure established by the Government of the Russian Federation. Decision of the federal executive authority in the field of security and the federal executive authority responsible for counteracting technical intelligence and technical protection of information about the refusal The decisions referred to in Part 6 of this Article shall be subject to a reasoned decision. 8. Control and supervision of organizational and technical measures to ensure the security of personal data set up under this article when processing personal data in public information systems of personal data The data are being carried out by the Federal Executive Office, the Commissioner for Security, and the federal executive body responsible for counteracting technical intelligence and technical protection of information, within their mandate and without the right to know Personal data processed in personal data information systems. 9. The Federal Executive, the Commissioner for Security, and the federal executive body responsible for counteracting technical intelligence and technical protection of information, by the decision of the Government In view of the importance and content of personal data processed, the Russian Federation may be empowered to monitor institutional and technical measures to ensure the safety of personal data set up in the in accordance with this article, in the event that they are processed in the Personal data systems operated for certain activities and are not public information systems of personal data, without the right of access to personal data processed in Information systems of personal data. 10. The use and storage of biometric personal data outside information systems of personal data can only be used on such material media and its storage technology that provides protection these data from improper or random access to them, their destruction, alteration, blocking, copying, distribution, distribution. 11. For the purposes of this article, personal data security is threatened by a combination of conditions and factors that create the risk of unauthorized persons, including random access to personal data, the result of which may result Destroying, modifying, blocking, copying, distributing, distributing personal data, and other illegal actions when they are processed in the personal data information system. The level of security of personal data is understood to be a complex indicator characterizing requirements, the performance of which ensures the neutralization of certain threats to the security of personal data while processing them in information systems personal data. (Article as amended by the Federal Law of 25.07.2011) N261-FZ) Article 20. The operator's duties when accessing it personal data subject, or when retrieving the personal data subject request or its delegate, as well as the authorized body privacy protection 1. The operator is obliged to report in the manner prescribed in article 14 of this Federal Law, the subject of personal data or his representative information about the availability of personal data related to the relevant subject of personal data, and Also provide access to these personal data when a subject of personal data or his or her representative is submitted, or within thirty days from the date of receipt of a request from a personal data subject or his or her representative. 2. In case of refusal to provide information on the availability of personal data of the relevant personal data or personal data to the subject of the personal data or its representative, if requested by the entity, or when receiving a request from the entity The operator is obliged to give a reasoned response in writing, referring to the provision of article 14, paragraph 8, of this Federal Act or other federal law, which is the basis for such refusal, in a period not exceeding thirty days from the date of the application of the personal data subject or a representative of his or her representative from the date of receipt of the request by the personal data subject or his representative. 3. The operator is required to provide personal data to this subject of personal data to the subject of personal data or to his or her representative. Within a period not exceeding seven working days from the date of submission of personal data by the subject of personal data or his representative, the operator is obliged to submit personal data to the operator required changes. Within a period not exceeding seven working days from the date of submission of personal data by the subject or his representative, that such personal data are either illicitly obtained or not necessary for the stated purpose processing, the operator is obliged to destroy such personal data. The operator must notify the subject of personal data or its representative of the changes made and the measures taken and take reasonable measures to notify third persons to whom the identity of the subject has been transferred. 4. The operator is obliged to inform the authorized body on the protection of the rights of the subjects of personal data upon request of this body the necessary information within thirty days from the date of receipt of such request. Federal Law of 25.07.2011 N261-FZ) Article 21. Duties of the operator to eliminate the violations laws approved during processing of personal data, on clarification, blocking and destruction of personal data 1. In the case of identification of improper processing of personal data when the subject of personal data or his representative's representative or at the request of the person or his representative or the authorized body for the protection of the rights of the subjects The operator is obliged to freeze personal data belonging to this subject of personal data or to block them (if the processing of personal data is done by another person, operating on behalf of the operator) since the moment of such treatment, or Receive the specified query for the validation period. In case of identification of inaccurate personal data when the subject of personal data or his representative's request is identified, or at the request of the authorized body for the protection of the rights of the subjects of personal data, the operator is obliged to carry out Blocking personal data belonging to this subject of personal data, or to block them (if personal data is handled by another person acting on behalf of the operator) from the moment of such treatment, or Receive the specified query for the validation period if the blocking of personal data is not violates the rights and legitimate interests of the subject of personal data or third parties. 2. In the event of confirmation of the inaccuracy of the personal data, the operator based on the information provided by the personal data subject or his representative or the authorized body for the protection of the rights of the subjects of personal data or other necessary data Documents are required to clarify or clarify personal data (if the processing of personal data is performed by another person acting on behalf of the operator) within seven working days of the submission of such information and to withdraw them blocking personal data. 3. In the event of identification of improper processing of personal data carried out by an operator or a person acting on behalf of the operator, the operator within a period not exceeding three working days from the date of that identification must stop the improper treatment Personal data or ensure that the improper handling of personal data by the person acting on behalf of the operator. In the event that the processing of personal data is not lawful, the operator is required to destroy such personal data or ensure that the operator is required to destroy such personal data at a time no more than ten working days from the date of detection of false processing of personal data Their destruction. The operator is obliged to notify the subject of personal data or his or her representative of the violation of the personal data or the destruction of personal data The authorized body for the protection of the rights of personal data subjects was sent by the authorized body for the protection of the rights of personal data subjects. 4. Where the purpose of the processing of personal data is achieved, the operator is obliged to stop processing personal data or to ensure termination of the personal data (if the processing of personal data is performed by another person acting on behalf of the operator) and destroy personal data or ensure that they are destroyed (if personal data is handled by another person acting on behalf of the operator) within a period not exceeding thirty days from the date of achieving the goal of personal data processing, unless otherwise provided by the contract to which the beneficiary or the beneficiary by another agreement between the operator and the subject of personal data, or if the operator is not authorized to process personal data without the consent of the personal data subject, the grounds provided for by this Federal Act or other federal laws. 5. In the event that the subject of personal data is revoked by the person, the operator is required to stop processing them or to ensure that such processing is terminated (if the processing of personal data is done by another person acting in accordance with If personal data is no longer required for personal data processing, destruction of personal data or destruction (if personal data processing is done by another person, operating on behalf of the operator) within a period not exceeding thirty days from The date of receipt of the withdrawal, unless otherwise provided by a contract to which the beneficiary is a beneficiary or a personal data entity, by another agreement between the operator and the subject of personal data, or If the operator is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by this Federal Law or other federal laws. 6. In the absence of the possibility of the destruction of personal data within the period specified in parts 3 to 5 of this article, the operator shall block such personal data or ensure that they are blocked (if personal data is handled) is carried out by another person acting on behalf of the operator) and ensures the destruction of personal data for a period of not more than six months unless otherwise stipulated by federal laws. Federal Act dated 25.07.2011. N 261-FZ) Article 22. Personal data notification 1. The operator must notify the authorized body for the protection of the rights of the subjects of personal data of his intention to perform personal data processing, except in the cases provided for in Part 2 of this article articles. 2. The operator is entitled to carry out without notification the authorized body for the protection of the rights of personal data processing entities: 1) processed in accordance with the labor laws; Federal Law of 25.07.2011 N 261 FZ) 2) received by the operator in connection with the conclusion of a contract to which a subject is a subject of personal data, if personal data are not distributed and are not made available to third parties without consent is used by the operator solely for the performance of the specified treaty and the conclusion of contracts with the subject of personal data; 3) relating to members (participants) of a public association or religious organizations and are processed by the relevant public associations or A religious organization acting in accordance with the laws of the Russian Federation, in order to achieve the legitimate objectives of their constituent instruments, provided that personal data are not subject to the dissemination of the class="ed"> or be disclosed to third parties without consent in writing of subjects of personal data; (In the wording of Federal Law dated 25.07.2011. N 261-FZ 4) personal data made by the subject public; (In the wording of the Federal Law 25.07.2011 N261-FZ 5) which includes only the names, names and patronymics of the personal data subjects; 6) required for the purpose of a single pass of the identity card to the territory on which the operator is located, or for other similar purposes; 7) included in information systems of personal data, which have the status of State automated information systemsin accordance with federal laws, as well as in Public information systems of personal data created in the The aim is to protect the security of the state and public order; (In the wording of the Federal Law of 25.07.2011) N 261-FZ ) 8) processed without the use of automation equipment in accordance with federal laws or other regulatory legal acts of the Russian Federation establishing security requirements personal data for processing and observing the rights of the subjects of personal data; 9) processed in the cases provided for by the Russian Federation's legislation on transport security; for sustainable and safe operations of the transport complex, the protection of the interests of the individual, the society and the State in the sphere of transport complex from acts of unlawful interference. (The paragraph is amended by the Federal Law of 25.07.2011). N261-FZ) 3. The notification referred to in Part 1 of this Article shall be transmitted in the form of a paper document or in the form of an electronic document and signed by an authorized person. The notification shall contain the following information: (In the wording of the Federal Law of 25.07.2011) N 261 FZ) 1) the name (surname, name, patronymic), address of operator; 2) purpose of personal data processing; 3) category of personal data; 4) categories of subjects, personal data which are processed; 5) legal basis for processing personal data; 6) personal data action list, general description of how the operator can handle personal data; 7) a description of the measures envisaged in Articles 18 to 1 and 19 of this Federal Act, including information on the availability of cryptographic (cryptographic) items and the names of these funds; (In the wording of Federal Law dated 25.07.2011. N 261 FZ ) 7-1) the name, surname, patronymic of the natural person or the name of the legal entity responsible for organizing the processing of personal data, and the number of their contact numbers, mailing addresses and addresses Electronic mail; (Paragraph addition is the Federal Law of 25.07.2011. N 261-FZ ) 8) the date on which personal data was processed; 9) the date or condition for the termination of personal data processing; 10) the presence or absence information Transborder transmission of personal data in the process of processing them; (Paragraph added is the Federal Law of 25.07.2011 N261-FZ 10-1) information on the location of the database containing personal data of citizens of the Russian Federation; (Paragraph added: Federal law dated 21.07.2014 N 242-FZ11) information on the provision of personal data security in accordance with the requirements for the protection of personal data set by the Government of the Russian Federation. (The paragraph is amended by the Federal Law of 25.07.2011). N261-FZ 4. The authorized body for the protection of the rights of the subjects of personal data within thirty days from the date of the notification of the processing of personal data shall provide the particulars referred to in Part 3 of this Article, as well as the date of dispatch the specified notification to the statement registry. The information contained in the registry of the operators, with the exception of information on the means of ensuring the security of personal data during processing, is publicly available. 5. The operator cannot be charged with the processing of the notification of the processing of personal data by the authorized body for the protection of the rights of personal data subjects, as well as for the inclusion of information in the register of operators. 6. In the case of incomplete or incorrect information referred to in part 3 of this article, the authorized body for the protection of the rights of the subjects of personal data shall be entitled to require the operator to clarify the information provided before they are entered into the register statements. 7. In case of changes in the particulars referred to in Part 3 of this Article, as well as in case of termination of personal data processing, the operator is obliged to notify the authorized body for the protection of the rights of the subjects of personal data within ten workers. days from the date of such change or from the date of termination of personal data processing. (In the wording of the Federal Law of 25.07.2011) N 261-FZ) Article 22-1. Those responsible for the organization of the processing personal data in organizations 1. The operator, who is a legal entity, appoints the person responsible for the organization of personal data processing. 2. The person responsible for organizing the processing of personal data shall receive instructions directly from the executive body of the organization which is the operator and report to it. 3. The operator is required to provide the person responsible for the processing of personal data with the information specified in article 22, paragraph 3, of this Federal Act. 4. The person responsible for organizing the processing of personal data, in particular, is obliged: 1) to exercise internal control over the observance by the operator and its employees of the legislation of the Russian Federation on personal data, including: requirements for the protection of personal data; 2) to bring to the attention of employees of the operator the provisions of the legislation of the Russian Federation on personal data, local acts on the processing of personal data, requirements for protection personal data; 3) organize reception and processing requests and/or requests from personal data or their representatives and (or) to monitor the reception and handling of such requests and requests. (Article padded-Federal law dated 25.07.2011. N 261-FZ) Chapter 5: Control and oversight of personal data processing. Liability for violation of the requirements of this Federal Law Article 23. The authorized body for the protection of the rights of subjects personal data 1. The competent authority for the protection of the rights of personal data subjects, which is responsible for ensuring the control and supervision of the conformity of the processing of personal data with the requirements of this Federal Law, is the federal authority The executive branch is responsible for monitoring and oversight in the field of information technology and communications. 2. The Authorized body for the protection of the rights of personal data subjects considers the applications of the subject of personal data on the compliance of the contents of personal data and the ways of their processing the purpose of their processing and makes a corresponding decision. 3. The authorized body for the protection of the rights of the subjects of personal data has the right: (1) to request from individuals or legal entities the information necessary for the exercise of their powers and to obtain such information free of charge; 2) to check the information contained in the personal data processing notification, or to involve other State authorities within their authority to perform such verification; 3) to require clarification from the operator, the freezing or destruction of unreachable or illegal traffic Personal data; 3-1) to limit access to information processed in violation of Russian Federation legislation in the field of personal data, in accordance with the procedure established by the legislation of the Russian Federation; (The paragraph is amended by the Federal Law of July 21, 2014). N 242-FZ) 4) to take measures, in accordance with the legislation of the Russian Federation, to suspend or stop the processing of personal data, which is carried out in violation of the requirements of this Federal Law; 5) apply to the court to protect the rights of the subjects of personal data, including the rights of the unknown person, and to represent the interests of the subjects of personal data in court; class="ed"> (In the federal law dated 25.07.2011. N261-FZ) 5-1) to be sent to the federal executive authority in the field of security and the federal executive authority in the field of counteraction technical information and technical protection of the information referred to in article 22, part 3, paragraph 7, of this Federal Act for the scope of their activities; (Paragraph added: Federal law from 25.07.2011 N261-FZ) 6) to apply to the operator's licensing authority to consider measures for suspension or cancellation of a licence in the prescribed licence; OF THE PRESIDENT OF THE RUSSIAN FEDERATION, if the condition of the licence to carry out such activities is to prohibit the transfer of personal data to third parties without the consent in writing of the subject of personal data; 7) to send to the Public Prosecutor's Office, other law enforcement agencies for the Decisions to institute criminal proceedings on the grounds of crimes involving violation of the rights of personal data subjects, in accordance with jurisdiction; 8) to submit proposals to the Government of the Russian Federation on the Improving the regulatory legal framework for the protection of the rights of personal data subjects; 9) to bring to administrative responsibility the perpetrators of violations of this Federal Law. 4. Personal data should be kept confidential in respect of personal data, which became known to the authorized body for the protection of the rights of the subjects of personal data in the course of its operations. 5. The authorized body for the protection of the rights of personal data subjects is obliged to: 1) to organize, in accordance with the requirements of this Federal Law and other federal laws, the protection of the rights of personal data subjects; (2) To consider complaints and appeals by citizens or legal entities on issues related to the processing of personal data, as well as to take decisions, within the limits of their authority, on the outcome of the examination of these complaints and appeals; 3) maintain a register of operators; 4) implement measures aimed at Improving the protection of the rights of personal data subjects; 5) to receive, in accordance with the legislation of the Russian Federation, the procedure for the submission of the federal executive authority in the field of security Security, or a federal executive body authorized to counter technical intelligence and technical protection of information, measures to suspend or stop the processing of personal data; 6) inform the public authorities as well as the subjects of personal data on their communications or requests for the status of the protection of the rights of personal data subjects; 7) to carry out other duties under the Russian Federation's legislation. 5-1. The Commissioner for Protection of the Rights of Personal Data carries out cooperation with the authorities responsible for the protection of the rights of personal data subjects in foreign countries, in particular the international exchange of information on the protection of rights The list of foreign states, which provides for adequate protection of the rights of the subjects of personal data, is approved. (Part of the addition is the Federal Law of 25.07.2011. N261-FZ) 6. Decisions of the authorized body for the protection of the rights of personal data subjects can be appealed in court. 7. The Commissioner for Protection of Rights of Personal Data subjects an annual report on his activities to the President of the Russian Federation, to the Government of the Russian Federation and to the Federal Assembly of the Russian Federation. The report is to be published in the media. 8. The financing of the authorized body for the protection of the rights of the subjects of personal data is carried out at the expense of the federal budget. 9. Under the authorized body for the protection of the rights of the subjects of personal data, a consultative council is established at the public beginning, the procedure of formation and procedure of which is determined by the authorized body for the protection of the rights of the subjects of personal data. data. Article 24. Liability for violation of the requirements of this Federal Law 1. Personsguilty of violating the requirements of this Federal Law, are liable under the law of the Russian Federation. (In the wording of Federal Law dated 25.07.2011. N 261-FZ) 2. Moral harm caused to a subject of personal data as a result of a violation of his rights, violation of the rules of processing of personal data established by this Federal Law, as well as requirements for protection of personal data set in In accordance with the legislation of the Russian Federation, the Federal Act provides for compensation. Compensation for moral injury is exercised independently of the compensation of the property damage and the personal injury suffered by the subject. (Part of the addition is the Federal Law of 25.07.2011. N 261-FZ) Chapter 6: Final provisions Article 25. Final provisions 1. This Federal Law shall enter into force at the expiration of one hundred and eighty days after the date of its official publication. 2. After the day of the entry into force of this Federal Law, processing of personal data included in information systems of personal data up to the day of its entry into force shall be carried out in accordance with this Federal Law. 2-1. The operators who processed the personal data before 1 July 2011 are required to submit to the authorized body for the protection of the rights of the subjects of personal data the information referred to in paragraphs 5, 7-1, 10 and 11 of part 3 of article 22 of the present Federal Law, no later than 1 January 2013. (Part of the addition is the Federal Law of 25.07.2011. N261-FZ) 3. (Federal Law of 25.07.2011). N261-FZ) 4. Operators who process personal data before the day of the entry into force of this Federal Law and continue such processing after the day of its entry into force are obliged to send to the authorized body for the protection of rights Subject to personal data, except as provided for in article 22, paragraph 2, of this Federal Act, the notification referred to in article 22, paragraph 3, of this Federal Act shall be no later than 1 January 2008. 5. Relationship between the processing of personal data carried out by public authorities, legal entities, natural persons in the provision of public and municipal services, and the execution of State and municipal functions in OF THE PRESIDENT OF THE RUSSIAN FEDERATION OF THE PRESIDENT OF THE RUSSIAN FEDERATION OF THE PRESIDENT OF THE RUSSIAN FEDERATION (Part of the addition is the Federal Law of 05.04.2013). N 43 FZ) President of the Russian Federation Vladimir Putin Moscow, Kremlin 27 July 2006 N 152-FZ