The registry of personal data arrays and holders (owners) of personal data arrays (hereinafter referred to as the Registry) is a unified system of state accounting of holders (owners) and their personal data arrays, as well as lists of personal data included in certain personal data arrays.
According to Article 30 of the Law "On Personal Information", the Registry must contain:
- the name and details of the holder (owner) of the personal data array that works with the personal data array (address, form of ownership, subordination, telephone, last name, first name, patronymic of the head, e-mail, fax);
- name of the array of personal data;
- purposes and methods of collecting and using personal data;
- modes and terms of their storage;
- list of collected personal data;
- categories or groups of personal data subjects;
- sources of personal data collection;
- the procedure for informing subjects about the collection and possible transfer of their personal data;
- measures to ensure the safety and confidentiality of personal data;
- person directly responsible for handling personal data.
- the recipients or categories of recipients to whom the data may be communicated;
- alleged cross-border transfer of personal data.
Arrays of personal data and their holders (owners) containing state secrets are not subject to inclusion in the Registry.
One can find the step-by-step instructions for filling out the Registry in the User Guide for the Registry of Holders (Owners) of Personal Data Arrays. It is available here.
Also the "Help" section of the Agency's website there is a video instruction on filling out the Register.