The Ministry of Digital Development of the Russian Federation has determined a list of indicators of the risk of violation of the requirements for state supervision over the processing of personal data (PD). The corresponding draft order has been published on the portal of regulatory legal acts.

The document contains two indicators that serve as a pretext for Roskomnadzor for unscheduled inspections of compliance with the legislation on PD processing without interaction with the auditee.

The first one involves cases when the data operator does not fulfill the requirements for clarification, blocking, destruction of inaccurate or illegally obtained PD within six months. The second indicator describes the practice when the regulatory authorities receive information that the operator has been distributing or providing access to PD databases on the Internet within six months.

The ministry believes that the measure will have a positive effect on the control over compliance with the legislation in the field of PD by operators.

Earlier, the Ministry of Digital Development proposed to equate anonymized data with personal data. According to the bill, operators will not be able to use any additional information that helps to determine the ownership of personal data by a specific subject.

Original (in Russian)