Personal data protection: What documents does the company need to maintain in 2020?
PERSONAL DATA PROTECTION: WHAT DOCUMENTS DOES THE COMPANY NEED TO MAINTAIN IN 2020?
Required internal documents for personal data protection
According to the Personal Data Protection Act, the Company needs to maintain the following documents on the personal data protection in 2020:
• The Company’s Act “On appointing the responsible person for the personal data protection”; • “The list of personal data” approved by the Company – this list shall contain all personal data which the Company works with; • Regulation/Policy on the personal data protection and their storage place; • “The list of individuals who have access to the personal data” approved by the Company; • Written consent from the individuals (i.e. the Company’s employees, clients, suppliers, and other individuals) for the Company to collect, process and protect their personal data. The individuals’ consent could be collected separately, or such consent could be included in the existing contract, so that the Clients do not sign too many papers. In addition to the above documents, the Company shall take numerous other measures to protect the personal data. To learn more about such measures, please follow our insights and reviews. If the Company does not maintain the required documents for the protection of personal data, and does not comply with measures to protect the personal data, the Company may face administrative, civil, or criminal liability. Administrative and criminal liability A fine for administrative violations could be from 130 US dollars to 7 000 US dollars. In case of criminal violations, the fines could go up to 34 000 US dollars, or alternatively a restriction of freedom or an imprisonment up to seven years could be imposed. Civil liability The individuals could also address the Company regarding their damages and losses incurred due to the Company not ensuring the safety and protection of their personal data. Recommendations To avoid negative consequences in the future, we recommend the Company to have all the necessary documents on personal data protection in advance, as well as to comply with measures to protect the personal data, as required by the Personal Data Protection Act.