info@lukash.partners

Personal Data Protection

Project support for companies in accordance with the legal acts on personal data of the Russian Federation, the EU, the CIS countries, MENA and Asian region

Денис Лукаш - защита персональных данных

"Dealing with clients and solving their problems, I provide full diverse experience gained from TOP banks, developers, IT and other companies that I did or do accompany"

Denis Lukash

Managing partner of Lukash & Partners, DPO, lawyer practicing in the field of information law

Biography

Why legalizing the personal data processing?

This is mandatory under the Federal Law № 152-FZ "On Personal Data" and regulations. Roskomnadzor, FSTEC (the Federal Technical and Export Control Service), FSB (the Russian Federal Security Service), the Prosecutor's Office, the Labor Inspection, and other authorities, (including Rospotrebnadzor) monitor and check how companies comply with the law.

During the time this law has been in force, new types of sanctions have repeatedly appeared, and fines have increased several times. Today they amount to hundreds of thousands and millions of rubles. Since the processing of personal data is closely linked to a company's business processes, an order or requirement gained from Roskomnadzor (or any other authority listed above) may entail serious costs needed to change the entire business area.

Principles of our work

Our employees specialize in personal data projects, are tracking the latest legislative changes, are analyzing the best law enforcement practices, judicial practice, formal and informal views of executive authorities, leading experts and professional communities.

When the project is over, the developed policies, procedures, protection methods should not mess up with the rapid development of the Company. When performing the project, we pay attention to the implementation and management of personal data processing processes. The distraction of attention to the creation of new products and business tracks is reduced thanks to the competent customization we provide.

If a personal data protection project is performed for the only one jurisdiction and the Company operates in several jurisdictions, we carefully consider this fact when performing the local project. For example, strong compliance with the GDPR (the General Data Protection Regulation) requirements in the EU may confirm that the Company violates the requirements for localization of personal data bases prescribed by the Russian laws. In order to both successfully finish the project under the GDPR and prevent violations of the Russian legislation, we suggest to extend the scope of the projects.

The personal data exchange within the group of companies and with external companies stems from the contracts. Contracts define the flows of the pesonal data in and out of the company, as well as the purposes and possibilities of data processing within the company. If consultants (lawyers) have provided recommendations to you without examining the contracts, the project is not completed. The job has not been done.

A good personal data project should include tasks in the area of personal data risk management, creation or modification of the control environment. Lack of systematic information on accepted privacy risks is a sign of an incomplete – bad – project. Lukash & Partners specialists have the necessary competencies to manage privacy risks, IS (information security) risks and related legal risks.

Privacy-compliance is aimed at meeting the requirements of the legal acts. Ultimately, you should expect that local normative acts, company’s internal regulations, policies and contracts will be reviewed by administrative, law enforcement or judicial authorities. The mere fact that the project team does not include a specialized lawyer creates a risk. On the other hand, the automation of business processes and electronic communications requires a deep understanding of IT-systems and the principles of confidential information technical protection. Lukash & Partners employs lawyers and engineers.

When recommendations lack justification, when the documents are "confusing", when the drafts or final documents are passed to the Company in a not-finalized manner (i.e. the Company has to adjust them to their own processes on its own), then the project is not of a high quality. The Companies often realize this, but cannot find correct or systematic objections. We talk to Companies, motivate recommendations, ask for honest feedbacks and provide ours, and make the application of personal data requirements clear and business-oriented.