According to Valery Pushchin

rakhirhif8963 · Post by **rakhirhif8963** » Wed Feb 12, 2025 7:22 am

Government Resolution No. 146 of 13.02.2019 "Rules for the Organization and Implementation of State Control and Supervision over the Processing of Personal Data" expanded the powers of Roskomnadzor to access personal data information systems (PDNIS) in the viewing and information retrieval mode during on-site inspections to assess the legality of personal data processing activities, and to involve the prosecutor's office in the event of obstruction of such inspections. Control over personal data operators without interacting with them was introduced through systematic monitoring of their compliance with requirements when posting information on the Internet. Based on the results of observations, the operator may be required to eliminate the violation or provide an explanation; if there is no response to the regulator's actions, the latter may draw up an administrative protocol.

Another evidence of the tightening of regulation of the iran whatsapp data of personal data is the draft amendments to the Code of Administrative Offenses of the Russian Federation, presented in the summer of 2018, which provide for fines for the lack of proper control by personal data operators over the actions of personal data processors who are entrusted with this processing.

, in 2018, the first inspection reports appeared, conducted by the FSB and FSTEC in private commercial organizations to determine their compliance with technical measures to protect information, including those applicable to personal data. Fortunately, the inspections were not widespread, and experts have not yet assessed their validity or the possibility of appealing them.

Valery Pushchin advises: in order to identify those responsible for the security of personal data in cloud infrastructures — regardless of the cloud architecture, be it a private or public cloud, SaaS, PaaS or IaaS services — from the standpoint of fulfilling the requirements of the Law "On Personal Data", in each specific case it is necessary to identify the administrators of data centers, physical servers, DBMS, virtualization tools, operating systems, the cloud platform used, application solutions, system technical support providers, service outsourcers (accounting, personnel records, various types of consulting ...). Their list can be supplemented by certification centers of electronic signatures, fiscal data operators, customer acquisition agents ... It happens that all the above-mentioned owners turn out to be a single legal entity, but more often these are still different legal entities united by contractual relations (in which, alas, the terms of personal data processing are not always spelled out).