Personal data protection in the European Union: basic provisions and what to look for
Information on the Internet needs to be protected, especially personal data. So, when registering on sites on the Internet, we enter our personal data, which are stored in automated systems. Collection, storage, use of personal data should be regulated by law.
It should be noted that since May 25, 2018, a Directive has been in effect on the territory of the European Union, according to which the personal data of residents of the European Union is protected. The provisions of the Directive should also be taken into account by Belarusian companies, whose function is to provide financial and other services to citizens. In addition, the provisions of the Directive are binding on the subjects of the European Union who work with personal data.
According to the Directive, employers or other persons who process personal data must be guided by the following principles:
– proportionality and expediency;
– a ban on the dissemination of “sensitive” personal data (information about race, ethnic origin of a person, etc.);
– the legality of the processing and use of personal data (as a general rule, the processing of personal data requires the written consent of the subject of personal data, i.e. the person whose data is processed).
Law of the Republic of Belarus “On the Protection of Personal Data”: when it comes into force
The Law of the Republic of Belarus “On the Protection of Personal Data” was adopted by the House of Representatives of the Republic of Belarus on April 2, 2021, approved by the Council of the Republic on April 21, 2021. This legislative act was officially published in the National Register of Legal Acts of the Republic of Belarus on May 14, 2021.
The entry into force of the Law is governed by the final provisions of the Law itself. Thus, the norms of the Law establish that Articles 1 to 19 of the Law “On the Protection of Personal Data” come into force 6 months after the official publication, and the rest of the articles – immediately after the official publication.
Thus, the Law “On the Protection of Personal Data” will fully enter into force on November 15, 2021.
The concept of “personal data”: what is included in it
The Law of the Republic of Belarus “On the Protection of Personal Data” as such means any information relating to an identified natural person or to a person who can be identified.
Personal data is a broad concept. Thus, the Law distinguishes between biometric, genetic and special personal data. Biometric personal data include, in particular, fingerprints, iris and others, i.e. physiological signs of a person. Genetic personal data includes hereditary information, and special ones include a person’s race, religious and other views, and other specific data.
Regulation on the protection of personal data: development, content, approval
At the enterprise, in the organization, the Regulation on the protection of personal data must be developed and approved. This is a local legal act that is binding on the employer in relation to employees.
The Regulation is developed in accordance with the Law of the Republic of Belarus “On the Protection of Personal Data” and should contain general provisions, the definition of the concept of “personal data”, methods of accounting and storage of personal data, the procedure for making changes and additions to the Regulation.
The regulation on the protection of personal data is approved by the head of the enterprise, who signs it and affixes the seal of the organization.
Personal data operator in Belarus
In fact, any organization is the operator of personal data, tk. this concept includes any legal entity, individual, individual entrepreneur, as well as a state body that processes personal data.
The operator of personal data determines the purposes of processing and storing personal data and bears responsibility established by law for the unlawful use or storage of this information.
Is it necessary to include a provision on the protection of personal data in employment contracts
When hiring, the employer, in accordance with the law, requests the personal data of the employee. So, the employer can provide for the provision of the employee’s autobiography, characteristics from the previous place of work, information about the employee’s family members, a medical certificate of health and other information.
To date, the introduction of a clause on the protection of personal data in the employment contract by the employer is not necessary, however, many employers still make a provision that the employee agrees to the processing, storage and collection of his personal data by the organization. Sometimes a separate document is drawn up – a consent signed by the employee.
Disclosure of personal data in Belarus: responsibility
As mentioned above, the operator of personal data can process personal data, and even more so disclose them, only with the consent of the subject of personal data.
If the operator of personal data unlawfully (without consent) discloses personal data, then he bears administrative and even criminal responsibility for his actions.
Article 23.7 of the Code of the Republic of Belarus “On Administrative Offenses” establishes that for the disclosure of personal data, the operator of personal data may be punished with a fine. The amount of the fine, depending on the severity of the offense, ranges from 4 to 200 basic units.
For the disclosure of personal data, criminal liability has also been established, the punishment in this case can be quite severe. Thus, the Criminal Code of the Republic of Belarus provides for a punishment of up to five years in prison for this crime.