Avoid “lack of money”, or How Vanya regulated finances in his company
Advertising works at a loss, managers sell poorly, salaries eat up profits, income is spent on debt distribution, money is frozen in a warehouse or in a receivable. It may…

Continue reading →

5 Ways to Reduce Taxes Legally
Alexey Slyusarev shares five legal ways to optimize the tax burden of a business - from applying a tax break regime and selecting a profitable tax system, to dividing an…

Continue reading →

How to withdraw money from the settlement account of IP: bank explanations
Opening an IP and doing business using this legal form does not require special preparation from the entrepreneur, however, the withdrawal of profits and cash withdrawals can cause problems for…

Continue reading →

From scratch: how we pulled the company to compliance with the law on personal

Nikita Eremenko shares her professional experience and explains how to bring the company’s work on collecting personal data on the Internet into compliance with the law
2017 added a headache to everyone who works with personal data. The changes also affected us – a small St. Petersburg company that delivers ready-made dinners. I’ll tell you how in two weeks we were insured against the punishment of the state. The article is useful for those who start a business or have not been interested in the topic before.

Appreciated the sudden Russian legislation

Law No. 152-FZ “On Personal Data” was adopted in 2006. But its implementation was attended only after 11 years, in July 2017. Then amendments to the law on administrative offenses related to Persians came into force.

At first, entrepreneurs dismissed: they say, adding some ticks to the site, drawing up some politicians, not before. Then they learned about real fines and started scratching the back of their head.

I read the 152-FZ and the comments of lawyers, figured one to one – and I realized this. If you have a website, and at least registration with an login and email is screwed on, you are already a personal data operator. The state believes that even the guest book on “Narod.ru” should comply with the requirements of the law. Not to mention the delivery, which takes orders online.

The penalties for violations are such that it’s cheaper to put things in order. If the legal entity falls into the hands of Roskomnadzor, they will be fined 75 thousand rubles. And to reach compliance with the law, it is enough to add an additional page to the site and a couple of checkmarks. Costs – several thousand rubles.

In our company, the fundamental decision was made as follows:

– Gleb Alexandrych, we need to create a policy according to the data and finalize the site.
“Friends, she will not run away.” Let’s postpone it for a while, and then after a while we’ll get busy when we are all aware.
– Gleb Alexandrych, well, do you want a fine for a company of one hundred thousand?

Of course he doesn’t want to. Good received, and the honorary duty to complete the project was entrusted to me – the chief marketer of the company. Who else, of course.

Looked at the privacy policy

A company that collects personal data must pack this information in a special document – “Personal Data Processing Policy”. It is assumed that before entering data, a person reads a policy and clearly fixes agreement with it.

Therefore, the first is to write a competent policy. Roskomnadzor even made official recommendations, but without a black belt on the clerical office it’s hard to figure them out. Therefore, I did not write anything from scratch and decided that I would go the other way.

I buried myself in the counterparts and looked at how direct competitors and large electronics retailers did. The logic is simple: no matter what the site is selling, the mechanics are about the same. Foreign policy can be taken as a sample if you collect similar types of data: name, phone number, place of residence and so on.

I decided that in drawing up a trust policy, big business deserves. He usually has money, and it is beneficial to sue him. Even for a trifle reason. Therefore, large companies set the standards so that the mosquito nose does not tarnish.

After searching for several hours, I realized: in fact, all politicians are the same. To get a good and understandable result, you just need to weed out the most monstrous examples with dozens of paragraphs and subparagraphs. As a result, we crossed the policies of the electronics store and flower delivery, rewriting in human form without bureaucracy.

Our version may seem scanty, but it has everything you need. We worked with this policy for two years without problems and comments of Roskomnadzor

The minimum required to comply with the law is to write down exactly what data you collect and how you use it. So that the user understands that you will not call and breathe into the phone after registration. Or what will happen if this is included in the plans.

It is also necessary to mention in the text how to request deletion of data (in our case, write to a special email).

When approving policies within the company, many copies broke around data transfer. We send customers emails and SMS, for this we use special services. Still dadata.ru cleans for us the name of typos and finds the gender of customers. Colleagues believed that this should be mentioned. I spent some time gathering arguments against bloating politics.

Firstly, we are already reporting: we will use the data to notify about promotions and contests. The client sees everything is in order. Secondly, you need to separate the controller and data processors.
The controller collects and stores the user’s personal data; it has all the information;
Processors are engaged only in secondary processing, receiving from the controller some emails and some name in a vacuum. This is not even personal data.
As a controller, it’s enough for us to warn that we will use customer data for notifications. I made up the policy for four hours: a couple of hours for searching and compiling the rules, another hour for rewrite.

Company self-employment - benefits and risks
Nadezhda Golub lists the main risks and benefits for the organization from working with self-employed, describes the interaction procedure and legislative framework In 2019, from January 1, a tax experiment…


5 Ways to Reduce Taxes Legally
Alexey Slyusarev shares five legal ways to optimize the tax burden of a business - from applying a tax break regime and selecting a profitable tax system, to dividing an…


“The Invisible Leader,” or Why Should Someone Follow You?
Dmitry Trepolsky gives advice to top managers on effective communication within the work team, gives examples of real situations Effective leadership is often identified with excellence. How justified is this…


Licensing issues for certain types of services: massage rooms, salt caves and brain machines
Juliana Osina understands the issue of compulsory licensing of such types of services as massage and spa massage, mind machines, salt caves, explains which of them can be attributed to…