Expert report
Conclusion on compliance with the requirements of FZ
DFG Application
-
Meets the requirements
This solution allows data to be transferred to the cloud after an anonymization procedure that meets the requirements of Order No. 996 issued on 05.09.2013 by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor).
-
Anonymization of personal data
The DFG product is built on anonymization of personal data: the link between stored and processed information and a specific individual (first name, last name) is replaced with a token, i.e. a group of identifiers.
-
Technical means on the territory of Russia
The data linking identity information to tokens does not leave the borders of the Russian Federation and must be stored at the customer's site or in the cloud of a Russian provider whose technical facilities are all located on the territory of Russia.
Benefits of the DFG solution
The DFG solution can be implemented using either the DFG extension installed in the user's browser or a reverse proxy server. The solution includes the DFG managed package and a DFG server provided by Customertimes Corp. or, optionally, by the customer.
- Reverse proxy DFG
- Storage of personal data in DFG
- DFG Managed Package
- Use of secured datacenters Dataline and Yandex.Cloud certified in accordance with FZ for storing trade data
- Updated server architecture to improve performance of DFG solution.
- Improvements to the admin panel interface for configuring the DFG server.
- Ability to create backup copies of settings.
- Automatically migrate server settings created for one Salesforce org to another.
- DFG API update to enable third-party systems to connect to the DFG service.
- The ability to restrict the list of trusted IP addresses.
- Support for two-factor authentication.
- DFG control panel for connecting the server and managing the DFG settings.
- The ability to connect several DFG servers to send personal data of citizens in accordance with the legislation of their host country.
- Possibility to select fields for tokenization.
- The ability to enable event logging to speed up analysis and eliminate incidents.
- Easy to customize conversion of Interests, which reduces the time to implement the solution.
- Using a filter to load historical personal data.
- SDK DFG. Support for custom triggers, including those created using batch Apex classes, to cover the Customer's business logic.
About FZ
-
1
Starting September 2015, all companies operating in Russia are required to store personal data of Russian citizens on servers physically located in Russia.
(Article 2 of Federal Law dated July 21, 2014 No. 242-FZ "On Amendments to Certain Legislative Acts of the Russian Federation regarding the Procedure for Processing of Personal Data in Information and Telecommunications Networks", Federal Law dated December 31, 2014 No. 526-FZ "On Amendments to Article 4 of Federal Law "On Amendments to Certain Legislative Acts of the Russian Federation regarding the Procedure for Processing of Personal Data in Information and Telecommunications Networks").
According to the Law, "while collecting personal data, including through information and telecommunications network Internet, the operator is obliged to ensure recording, systematization, accumulation, storage, clarification (updating, changing), and extraction of personal data of Russian citizens with the use of databases located on the territory of the Russian Federation." This requirement is especially relevant for organizations using cloud services located outside the Russian Federation.
-
2
Personal data, except for some of their categories, belongs to restricted information and must be protected under the laws of the Russian Federation.
In accordance with the Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data", "while processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or to ensure their acceptance for the protection of personal data against unauthorized or accidental access, destruction, modification, blocking, copying, supply, distribution of personal data, as well as other illegal action in relation to personal data." (Article 19, Part 1).
-
3
Confidentiality is not required only for anonymized or public personal data, as well as personal data subject to publication or to mandatory disclosure in accordance with the law.
Moreover, the law "On Personal Data" actually equates depersonalization of personal data to destruction. Thus, in accordance with paragraph 7 of Article 5 of the Law, the processed personal data must be destroyed or anonymized upon achieving the goals of processing or if achieving these goals is no longer necessary.
Services
-
DFG application implementation
-
Storage of personal data in accordance with FZ
-
Compliance with FZ
We provide personal data storage services in a data center certified to the information security requirements of the Russian Federation.
Certificates and licenses for activities in the field of information security and communications services as a data center partner:
- License of FSTEC of Russia for activity on development and production of confidential information protection means
- License of FSTEC of Russia for activity on technical protection of confidential information
- License of Federal Security Service for activities related to the use of encryption (cryptographic) means
- License for provision of data transmission services
- License for provision of communication services / granting communication channels
- License for provision of telematic services
- Certificate of compliance with PCI DSS safety requirements
- Certificates of compliance with ISO/IEC 27001 safety requirements
- Dataline Certificate of Conformity
- Dataline licenses
- Yandex.Cloud licenses
We provide the necessary technical conditions for compliance with FZ. If necessary, our partners are ready to assist in fulfilling all the requirements of the Federal Law "On Personal Data" governing the organization of processing and ensuring the security of personal data:
- Documentation development in full compliance with the requirements of the state regulatory bodies in the field of personal data and its protection;
- Readiness for Roskomnadzor inspection
- Expert consultations
Why choose DFG?
-
Easy handling
-
We have been protecting personal data since 2015
-
Innovative architecture
-
Compliance with the requirements of Federal Law "On Personal Data" (FZ152) and the regulatory legal acts adopted pursuant to that Law with regard to the procedure of personal data anonymization
-
No additional equipment or software needed
-
Safe access to corporate resources from any location without violating the requirements on the territoriality of databases for Russian citizens
-
A reliable Russian integrator
-
Successful implementations in 68 countries of the world
-
Successful work and unique experience
Frequently Asked Questions DFG
-
2. Personal data
Any information relating directly or indirectly to a specific or identifiable person (subject of personal data):
- Surname, name, patronymic,
- Year, month, date and place of birth,
- Address, family, social and property status, education, profession, income,
- Other information (see FZ152, Article 3).
-
3. Personal data operator
A state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
-
4. Personal data processing
Any action (operation) or a set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), use, distribution (including transfer), depersonalization, blocking, deletion, destruction of personal data.
-
5. Anonymization of personal data
Actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without using additional information.