+7 (495) 646 11 20

DFG - Cloud Data Protection & Security

DFG is a certified application developed in accordance with the methodological recommendations of FSTEC and Roskomnadzor, which provides the ability to organize the processing of personal data in accordance with the law

Send a request
dfgeng

Expert report

Conclusion on compliance with the requirements of FZ

DFG Application

  • Meets the requirements

    This solution allows to transfer data to the cloud after the anonymization procedure that meets the requirements of the Order No. 996 issued on 05.09.2013 by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)

  • Anonymization of personal data

    The basis of the complex product DFG is anonymization of personal data, which enables linking stored and processed information to a specific individual - first name, last name - to a token, i.e. a group of identifiers.

  • Technical means on the territory of Russia

    The data linking identity information to tokens does not leave the borders of the Russian Federation and must be stored at the customer's site or in the cloud of the Russian provider, all the technical means of which are on the territory of Russia.

The use of DFG frees the operator from the need to carry out expensive, time-consuming and technically complex work on the complete transfer of the computing infrastructure and information system to the Russian Federation and allows the use of cloud services located outside of Russia

Benefits of the DFG solution

The DFG solution can be implemented using both expansion DFG installed in the user 's browser or using a reverse proxy server. The solution includes guided DFG package and DFG server provided by Customertimes Corp.or,optionally, By the customer.

  • Reverse proxy DFG
  • Storage of personal data in DFG
  • DFG Managed Package
Reverse proxy DFG
  • Sending personal data obtained when users work with products on the Salesforce platform (Sales Cloud, Service Cloud, Commerce Cloud, Partner Community Portal, etc.) through the DFG server without additional configuration on the part of users.
  • Automatic interception of personal data in any browser.
  • Integration with the standard CT Mobile iOS application.
  • Web-to-Lead and Web-to-Case support for receiving and sending personal data from third-party sources through the DFG server.
  • The ability to restrict the list of trusted IP addresses.
Storage of personal data in DFG
  • Use of secured datacenters Dataline and Yandex.Cloud certified in accordance with FZ for storing trade data (more)
  • Updated server architecture to improve performance of DFG solution.
  • Improvements to the admin panel interface for configuring the DFG server.
  • Ability to create backup copies of settings.
  • Automatically migrate server settings created for one Salesforce org to another.
  • DFG API update to enable third-party systems to connect to the DFG service.
  • The ability to restrict the list of trusted IP addresses.
  • Support for two-factor authentication.
DFG Managed Package
  • DFG control panel for connecting the server and managing the DFG settings.
  • The ability to connect several DFG servers to send personal data of citizens in accordance with the legislation of their host country.
  • Possibility to select fields for tokenization.
  • The ability to enable event logging to speed up analysis and eliminate incidents.
  • Easy to customize conversion of Interests, which reduces the time to implement the solution.
  • Using a filter to load historical personal data.
  • SDK DFG. Support for custom triggers, including those created using batch Apex classes, to cover the Customer's business logic.

About FZ

  • 1

    Starting September 2015, all companies operating in Russia are required to store store personal data of Russian citizens on servers physically located in Russia.

    (Article 2 of Federal Law dated July 21, 2014 No. 242-FZ "On Amendments to Certain Legislative Acts of the Russian Federation regarding the Procedure for Processing of Personal Data in Information and Telecommunications Networks", Federal Law dated December 31, 2014 No. 526-FZ "On Amendments to Article 4 of Federal Law "On Amendments to Certain Legislative Acts of the Russian Federation regarding the Procedure for Processing of Personal Data in Information and Telecommunications Networks").

    According to the Law, "while collecting personal data, including through information and telecommunications network Internet, the operator is obliged to ensure recording, systematization, accumulation, storage, clarification (updating, changing), and extraction of personal data of Russian citizens with the use of databases located on the territory of the Russian Federation." This requirement is especially relevant for organizations using cloud services located outside the Russian Federation.

  • 2

    Personal data, except for some of their categories, belongs to restricted information and must be protected under the laws of the Russian Federation.

    In accordance with the Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data", "while processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or to ensure their acceptance for the protection of personal data against unauthorized or accidental access, destruction, modification, blocking, copying, supply, distribution of personal data, as well as other illegal action in relation to personal data." (Article 19, Part 1).

  • 3

    Confidentiality is not required only for the anonymized or public personal data, as well as personal data subject to publication or to mandatory disclosure in accordance to the law.

    Moreover, the law "On Personal Data" actually equates depersonalization of personal data to destruction. Thus, in accordance with paragraph 7 of Article 5 of the Law, the processed personal data must be destroyed or anonymized upon achieving the goals of processing or if achieving these goals is no longer necessary.

Want us to show you how DFG can help your business?

Request a presentation of the solution or an individual demo, and we will customize the system for you according to your processes

Send a request

Services

  • DFG application
    implementation
  • Storage of personal data in accordance with FZ
  • Compliance with FZ
DFG application implementation

CT Consulting developed DFG as a unique toolset for depersonalization and storage of personal data. The solution has broad functionality, scalability, and is fully compliant with the legislation and personal data protection regulators.

DFG consists of 3 components:

  • Reverse-Proxy module with a filter that tracks work with personal data (can be replaced with a browser plugin)
  • Service for storing and depersonalizing personal data
  • Salesforce Managed Package is responsible for the validation of the DFG complex from Salesforce
Compliance with FZ

We provide the necessary technical conditions for compliance with FZ. If necessary, our partners are ready to assist in fulfilling all the requirements of the Federal Law "On Personal Data" governing the organization of processing and ensuring the security of personal data:

  • Documentation development in full compliance with the requirements of the state regulatory bodies in the field of personal data and its protection;
  • Readiness for Roskomnadzor inspection
  • Expert consultations

Why choose DFG?

  • Easy handling
  • We have been protecting personal data since 2015
  • Innovative architecture
  • Compliance with the requirements of Federal Law "On Personal Data" (FZ152) and the regulatory legal acts adopted pursuant to that Law with regard to the procedure of personal data anonymization

  • No additional equipment or software needed
  • Safe access to corporate resources from any location without violating the requirements on the territoriality of databases for Russian citizens

Send request for a connection DFG

Please leave your email address and we will get back to you as soon as possible.

    Thank you for your request!

    We will be in touch with you shortly

    • A reliable Russian integrator

    • Successful implementations in 68 countries of the world

    • Successful work and unique experience

    Frequently Asked Questions DFG

    • 1
      DFG Technical Documentation
    • 2
      Personal data

      Any information relating directly or indirectly to a specific or identifiable person (subject of personal data):

      • Surname, name, patronymic,
      • Year, month, date and place of birth,
      • The address, family, социальное, property status, образование, профессия, income,
      • Other information (look FZ152, article 3).
    • 3
      Personal data operator

      A state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

    • 4
      Personal data processing

      Any action (operation) or a set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), use, distribution (including transfer), depersonalization, blocking, deletion, destruction of personal data.

    • 5
      Anonymization of personal data

      Actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without using additional information.