Roskomnadzor website check: how to work with personal data correctly and avoid blocking

Discover tools, trends, and innovations in eu data.
Post Reply
mdabuhasan
Posts: 185
Joined: Tue Jan 07, 2025 5:00 am

Roskomnadzor website check: how to work with personal data correctly and avoid blocking

Post by mdabuhasan »

In the context of increased control by Roskomnadzor, compliance with personal data legislation is becoming critically important for any organization that interacts with such data. Failure to comply with established requirements may result in significant fines and other sanctions, including blocking of the site.

This article will help you understand how to properly design a website to comply with current legislation.
Here you will also find instructions on how to fill out an application for registration in the register of personal data operators of the Federal Service for Supervision of Communications, Information Technology and Mass Media.
Do you want to receive a full package of documents for posting on the website?

Leave your contact information in whatsapp number list the application form at the end of the article
Write "Download documents" in the "Tell me about the task or project" field
We will send the materials to your email!
We are also ready to consult on compliance with the law and prepare your site for inspection by RKN: make the necessary modifications and post the documentation. If you need help or have any questions, write to us [email protected]

Main obligations of the personal data operator
According to Federal Law No. 152-FZ “On Personal Data”, any organization that collects, stores or processes personal data is obliged to:

Register in the register of personal data operators.
Ensure that the site has the necessary documents.
Organize the process of obtaining consent for data processing from users.
Notify users about the collection and use of cookies and analytics services.
What documents must be posted on the website to collect personal data?
To comply with legal requirements, the following elements must be placed on the site.

1. Contact information and details
According to Federal Law No. 149-FZ “On Information”, the website owner is obliged to post information about himself: the name of the organization, address, email, OGRN and INN.

There are no requirements for placing contact information in a specific part of the site. Usually they are placed in the footer of the site. It is desirable that the "Contact Information" section displays (or allows downloading) the full details of the organization with the name, legal address, actual address, OGRN, INN, KPP, bank details.

Contact information on the website
Example of placing links to the Privacy Policy and Contacts

2. Policy on the processing of personal data (privacy policy)
The policy regarding the processing of personal data must be posted on the website if the website has at least one contact collection form, a personal account registration form or a feedback form. The document must contain a description of what data is collected, for what purpose and how it is processed.

When collecting cookies and using Google Analytics and/or Yandex.Metrica services on the site, it is necessary to indicate this information in the Personal Data Processing Policy . It is mandatory to mention the collection of data through cookies and the use of third-party analytical systems (for example, Yandex.Metrica).

Cookie Collection Information
Websites start collecting cookies immediately after a user enters the site. It is not enough to show the user a pop-up message like "By continuing to use this site, you agree to the terms ..." (browse-wrap agreement) when they first visit the site. Now such a message must contain:

link to the full text of the privacy policy;
a list of the user's actions that will be qualified as acceptance of the terms of the agreement (for example, registration on the resource, sending messages via web forms on the resource, downloading files posted on the resource, using the resource's function to search for information/files on the resource, etc.) either in the message itself or as a link to the relevant clause of the user agreement.
The window should remain displayed until the user agrees to the terms.

When collecting cookies, it is recommended that the notification be placed immediately upon the visitor's transition to the site in the form of a pop-up window, using the following wording:

By continuing to use our site, you agree to the processing of user data in accordance with the Privacy Policy* (IP address; web browser version; device information (type, manufacturer, model); screen resolution and number of screen colors; Flash version; Silverlight version; the presence of ad blocking software; the presence of Cookies; the presence of JavaScript; OS and Browser language; time spent on the site; user actions on the site) for the purpose of determining site traffic.

Information about the use of web analytics services on the site
When using web analytics services on the site, you must also indicate the scope of use of the service and provide a link to the Policy on the processing of personal data of the relevant service.

As a rule, the Policy is placed in the footer of the site, but it can be placed in any other place, the main thing is that users have free access to the document. RKN requires additional notification about the collection of metric data, placing information about this, for example, through a pop-up window:

By continuing to use our site, you agree to the processing of user data by the Yandex.Metrica metric system in accordance with the terms of the YANDEX LLC Privacy Policy (https://yandex.ru/legal/confidential/) for the purpose of determining user behavior on the site for internal analytics.

Can be combined with the cookie window using
Top
Post Reply

Return to “EU Data”