Search

Conformity to Law No. 152-FZ «On Personal Data»

Show your customers, clients, and Roskomnadzor that you guarantee the safety of users’ personal information and comply with legal requirements. If you choose Selectel to host your projects, your infrastructure will be compliant with Federal Law No. 152-FZ «On Personal Data».

Things you should know about Federal Law No. 152-FZ

What is this law?

Who is affected by the Federal Law No. 152-FZ?

Why comply with the law?

How to comply with Law No. 152-FZ?

What is the liability for violating Law No. 152-FZ?

Take care of personal data protection

Deploy your projects at Selectel. We will help you solve various business tasks, including storage, collection, and processing of data with the highest security requirements.

Why Selectel

Using our cloud makes you already compliant with Federal Law No. 152-FZ

You don’t have to pay extra for Law No. 152-FZ compliance if you use the Selectel cloud platform or VMware. You only pay for the infrastructure; in turn, it helps you comply with the law and gives you all the benefits of a public cloud: scalability, flexibility, and a high SLA level.

Compliance with one provider

As your company grows, the required level of PD security can increase. Some companies need to have their systems certified. We can certify your PDIS and have the infrastructure meet Level 1, the maximum level of PD security.

Security services and Law No. 152-FZ

To fully meet the requirements for your system, you can use Selectel’s added information security services. We can help you pick a solution from our range of information security services.

We have solutions for various systems

Selectel has the necessary licenses from the Federal Service for Technical and Export Control and the Federal Security Service to provide personal data protection services. We cooperate with companies with different requirements for the security of personal data: from online stores to government information systems.

How to choose IT-infrastructure compliant with Law No. 152-FZ

Understand if certification of systems is necessary

When processing any personal data, you need to assess the efficiency of measures to protect PD (Paragraph 4, Part 2 of Article 19 of Law No. 152-FZ). The exact procedure of such assessment may vary. Depending on the form of efficiency assessment, the company receives an efficiency assessment certificate or report.

Whether certification is required often depends on the type of processed data and the field in which the company operates. Certification is conducted by an FSTEC licensee, as it imposes additional restrictions on the operation of the information system.

Proper choice of the efficiency assessment form will help you implement the necessary measures to protect PD and reduce the cost of compliance with Law No. 152-FZ, as certification often turns out to be more expensive in implementation and subsequent operation.

System certification

Required for state and municipal systems. Commercial companies may need a certification if they connect to certain public systems, or in order to meet contract requirements. Among others, this applies to medical organizations, B2G services, financial and insurance companies.

Efficiency certification report

Compulsory for all personal data operators in accordance with Paragraph 4, Part 2 Article 19 of Law No. 152-FZ. This is a less formal procedure that does not require the mandatory use of certified means of protection. Companies conduct such assessment themselves or use an FSTEC-licensed contractor.

Determine data security level

The security level (SL) of the processed data determines the way in which a company protects personal data and the system in which it is processed. There are a total of four levels of protection of personal data, so take time to calculate your own.

1. What personal data is processed in your system?

2. Whose data is processed?

Select your infrastructure

Select the infrastructure depending on the level of data security needed and whether the system needs to be certified.

Comply with other Law No. 152-FZ requirements

Compliance with Law No. 152-FZ and the protection of personal data are not only limited to the properly chosen infrastructure and the technical measures taken. The law requires organizing data collection and handling processes in the company in accordance with certain rules, as well as preparing supporting documents. One of these is commissioning the processing of personal data, needed when transferring PD, to third parties under the requirements of Paragraph 3, Article 6 of Law No. 152-FZ. Commissioning for Selectel cloud servers, VMware-based clouds, and certified data centers.

Shared responsibility for Law No. 152-FZ compliance

When a personal data operator transfers data to Selectel for storage and processing, it does not disclaim its obligation to protect personal data. We are accountable to you for data security related to physical access and IT infrastructure protection. Check out our docs to see what you will be liable for when hosting your infrastructure on a dedicated server, Cloud by Selectel, or VMware-based Cloud.

We will help you comply with Russian laws

We understand how complicated compliance with Russian Federal Law No. 152-FZ can be, and we are here to help. If you have any questions on infrastructure compliant with Federal Law No. 152-FZ, send a request, and we’ll contact you within one business day.

You can always get a free consultation by calling us on  8 800 555 06 75, sending a message to  Telegram or an e-mail to  sales@selectel.ru.