Federal Law No. 152-FZ «On Personal Data» is in effect in Russia. It protects citizens from the illegal collection and processing of their personal information, as well as the transfer thereof into the wrong hands. Personal data (PDN) is any information about individuals, which can be used to identify a person — for example, first and last name, ID data with a photo, and even a phone number.
Things you should know about Federal Law No. 152-FZ
What is this law?
Who is affected by the Federal Law No. 152-FZ?
Why comply with the law?
How to comply with Law No. 152-FZ?
What is the liability for violating Law No. 152-FZ?
Take care of personal data protection
Using our cloud makes you already compliant with Federal Law No. 152-FZ
You don’t have to pay extra for Law No. 152-FZ compliance if you use the Selectel cloud platform or VMware. You only pay for the infrastructure; in turn, it helps you comply with the law and gives you all the benefits of a public cloud: scalability, flexibility, and a high SLA level.
Compliance with one provider
As your company grows, the required level of PD security can increase. Some companies need to have their systems certified. We can certify your PDIS and have the infrastructure meet Level 1, the maximum level of PD security.
Security services and Law No. 152-FZ
To fully meet the requirements for your system, you can use Selectel’s added information security services. We can help you pick a solution from our range of information security services.
We have solutions for various systems
Selectel has the necessary licenses from the Federal Service for Technical and Export Control and the Federal Security Service to provide personal data protection services. We cooperate with companies with different requirements for the security of personal data: from online stores to government information systems.
How to choose IT-infrastructure compliant with Law No. 152-FZ
Understand if certification of systems is necessary
When processing any personal data, you need to assess the efficiency of measures to protect PD (Paragraph 4, Part 2 of Article 19 of Law No. 152-FZ). The exact procedure of such assessment may vary. Depending on the form of efficiency assessment, the company receives an efficiency assessment certificate or report.
Whether certification is required often depends on the type of processed data and the field in which the company operates. Certification is conducted by an FSTEC licensee, as it imposes additional restrictions on the operation of the information system.
Proper choice of the efficiency assessment form will help you implement the necessary measures to protect PD and reduce the cost of compliance with Law No. 152-FZ, as certification often turns out to be more expensive in implementation and subsequent operation.
Required for state and municipal systems. Commercial companies may need a certification if they connect to certain public systems, or in order to meet contract requirements. Among others, this applies to medical organizations, B2G services, financial and insurance companies.
Efficiency certification report
Compulsory for all personal data operators in accordance with Paragraph 4, Part 2 Article 19 of Law No. 152-FZ. This is a less formal procedure that does not require the mandatory use of certified means of protection. Companies conduct such assessment themselves or use an FSTEC-licensed contractor.
Determine data security level
1. What personal data is processed in your system?
2. Whose data is processed?
Select your infrastructure
Select the infrastructure depending on the level of data security needed and whether the system needs to be certified.
For enterprise-level cloud infrastructure and VMware clients
Comply with other Law No. 152-FZ requirements
Compliance with Law No. 152-FZ and the protection of personal data are not only limited to the properly chosen infrastructure and the technical measures taken. The law requires organizing data collection and handling processes in the company in accordance with certain rules, as well as preparing supporting documents. One of these is commissioning the processing of personal data, needed when transferring PD, to third parties under the requirements of Paragraph 3, Article 6 of Law No. 152-FZ. Commissioning for Selectel cloud servers, VMware-based clouds, and certified data centers.
Shared responsibility for Law No. 152-FZ compliance
We will help you comply with Russian laws
We understand how complicated compliance with Russian Federal Law No. 152-FZ can be, and we are here to help. If you have any questions on infrastructure compliant with Federal Law No. 152-FZ, send a request, and we’ll contact you within one business day.