Against the stream. How to provide explosive growth to a business in a crisis
Alexander Kuklev, co-owner and head of the Novosibirsk company Benkoni, who managed to increase profits several times over in five crisis years, tells how small businesses can survive the crisis…

Continue reading →

How to capture a leader in captivity of eternal love
Albina Iskakova lists five principles that will help to establish effective contact with the leader: from methods of formulating information to finding his “Achilles heel” Want to capture the leader…

Continue reading →

When should a manager intervene in conflicts between employees?
Olga Gritsenko describes the most popular conflict patterns within the work team and explains in which cases the leader should intervene and “break the parties”, and in which cases this…

Continue reading →

From scratch: how we pulled the company to compliance with the law on personal

Nikita Eremenko shares her professional experience and explains how to bring the company’s work on collecting personal data on the Internet into compliance with the law
2017 added a headache to everyone who works with personal data. The changes also affected us – a small St. Petersburg company that delivers ready-made dinners. I’ll tell you how in two weeks we were insured against the punishment of the state. The article is useful for those who start a business or have not been interested in the topic before.

Appreciated the sudden Russian legislation

Law No. 152-FZ “On Personal Data” was adopted in 2006. But its implementation was attended only after 11 years, in July 2017. Then amendments to the law on administrative offenses related to Persians came into force.

At first, entrepreneurs dismissed: they say, adding some ticks to the site, drawing up some politicians, not before. Then they learned about real fines and started scratching the back of their head.

I read the 152-FZ and the comments of lawyers, figured one to one – and I realized this. If you have a website, and at least registration with an login and email is screwed on, you are already a personal data operator. The state believes that even the guest book on “” should comply with the requirements of the law. Not to mention the delivery, which takes orders online.

The penalties for violations are such that it’s cheaper to put things in order. If the legal entity falls into the hands of Roskomnadzor, they will be fined 75 thousand rubles. And to reach compliance with the law, it is enough to add an additional page to the site and a couple of checkmarks. Costs – several thousand rubles.

In our company, the fundamental decision was made as follows:

– Gleb Alexandrych, we need to create a policy according to the data and finalize the site.
“Friends, she will not run away.” Let’s postpone it for a while, and then after a while we’ll get busy when we are all aware.
– Gleb Alexandrych, well, do you want a fine for a company of one hundred thousand?

Of course he doesn’t want to. Good received, and the honorary duty to complete the project was entrusted to me – the chief marketer of the company. Who else, of course.

Looked at the privacy policy

A company that collects personal data must pack this information in a special document – “Personal Data Processing Policy”. It is assumed that before entering data, a person reads a policy and clearly fixes agreement with it.

Therefore, the first is to write a competent policy. Roskomnadzor even made official recommendations, but without a black belt on the clerical office it’s hard to figure them out. Therefore, I did not write anything from scratch and decided that I would go the other way.

I buried myself in the counterparts and looked at how direct competitors and large electronics retailers did. The logic is simple: no matter what the site is selling, the mechanics are about the same. Foreign policy can be taken as a sample if you collect similar types of data: name, phone number, place of residence and so on.

I decided that in drawing up a trust policy, big business deserves. He usually has money, and it is beneficial to sue him. Even for a trifle reason. Therefore, large companies set the standards so that the mosquito nose does not tarnish.

After searching for several hours, I realized: in fact, all politicians are the same. To get a good and understandable result, you just need to weed out the most monstrous examples with dozens of paragraphs and subparagraphs. As a result, we crossed the policies of the electronics store and flower delivery, rewriting in human form without bureaucracy.

Our version may seem scanty, but it has everything you need. We worked with this policy for two years without problems and comments of Roskomnadzor

The minimum required to comply with the law is to write down exactly what data you collect and how you use it. So that the user understands that you will not call and breathe into the phone after registration. Or what will happen if this is included in the plans.

It is also necessary to mention in the text how to request deletion of data (in our case, write to a special email).

When approving policies within the company, many copies broke around data transfer. We send customers emails and SMS, for this we use special services. Still cleans for us the name of typos and finds the gender of customers. Colleagues believed that this should be mentioned. I spent some time gathering arguments against bloating politics.

Firstly, we are already reporting: we will use the data to notify about promotions and contests. The client sees everything is in order. Secondly, you need to separate the controller and data processors.
The controller collects and stores the user’s personal data; it has all the information;
Processors are engaged only in secondary processing, receiving from the controller some emails and some name in a vacuum. This is not even personal data.
As a controller, it’s enough for us to warn that we will use customer data for notifications. I made up the policy for four hours: a couple of hours for searching and compiling the rules, another hour for rewrite.

How HR can enhance corporate learning
Many companies arrange corporate training, but not everyone gets the result that was dreamed of. And the point is not always the negligence of a contractor who teaches somehow. Sometimes…


Called for interrogation to the tax: go or not?
Andrei Shvetsov explains what to do if you or your employees were summoned for questioning by the tax office: is it worth going or sending a representative and is it…


Company self-employment - benefits and risks
Nadezhda Golub lists the main risks and benefits for the organization from working with self-employed, describes the interaction procedure and legislative framework In 2019, from January 1, a tax experiment…


In what cases can a tax check come to you
Gleb Shevchenko explains which companies and for what reasons may fall under an unscheduled field tax audit, tells how to avoid possible risks The main reason for conducting an on-site…