The topic of personal data protection is increasingly relevant for businesses and individuals. Personal data includes any information about an individual that helps to identify him. In this regard, disputes about the protection of personal data are increasingly arising between individuals and large companies that massively process personal data and risk large amounts of such data. Companies that process personal data are called “operators”. Disputes most often occur in connection with the leakage of personal data or their excessive processing: when operators request more data from individuals than is necessary for the purpose for which they process the data.
Our experienced lawyers will help you understand the specifics of the organization of personal data protection in the company and in resolving disputes that arise in this area. We help to organize the work on the processing of personal data, resolve disputes and fully accompany them during their resolution.
Who protects personal data in the Republic of Belarus
The operators of personal data in the Republic of Belarus include Belarusian organizations and individual entrepreneurs. Operators are obliged to organize the protection of personal data. Operators are companies and individuals who conduct business and at the same time process personal data of individuals themselves or jointly with other operators. The processing of personal data includes any action with them: collection, systematization, storage, modification, depersonalization, distribution, deletion of personal data, etc.
Each company that processes personal data must create a special department or appoint employees who control the processing of data within the organization.
There is a state body in the Republic of Belarus that checks whether operators comply with the legislation on personal data. This is the National Center for Personal Data Protection (NCPD). Importantly, the NCPD considers complaints regarding the processing of personal data. Such a complaint must be filed within three months from the day when the author of the complaint found out about the violations.
What is the Register of Personal Data Operators
The NCPD will create a state database ”Register of Personal Data Operators“ from January 1, 2024. Consequently, the Register will include information about information resources (systems). With the help of which, in particular, personal data of more than 100 thousand adult individuals and more than 10 thousand individuals under 16 years of age, information about resources for processing biometric and (or) genetic personal data are processed.
Personal data operators need to enter information into the Register no later than January 15, 2024.
What disputes in the field of personal data are most common
Disputes in the field of personal data may arise between an individual and the operator or between the operator and the NCPD.
- Disputes between an individual and an operator
Such disputes are most often related to excessive personal data that the operator requests from an individual. Such data is not objectively necessary for the purposes for which the operator collects personal data. For example, for the delivery of goods from an online store, data on the identification number of an individual or his place of work is objectively not needed. An individual may complain about the excessive processing of personal data to the operator himself and request that the excess personal data be deleted or send a complaint to the NCPD. In the latter case, the operator may receive a check and fines are possible.
It is important to check and correct, if necessary, the list of personal data and the purposes of their processing, which companies prescribe in the form of consent to the processing of personal data.
- Disputes between NCPD and operators
Such disputes may arise as a result of checking the requirements for the protection of personal data in the company. Most often, disputes are related to the leakage of personal data, their insecurity, and dissemination without the consent of individuals. This is usually caused by imperfection of the software, intentional actions, or happens from ignorance of the legislation on personal data protection.
Our experienced lawyers can audit the company’s internal documents on personal data issues. If necessary, our experts can develop the necessary documents.
What is the responsibility for violations in the field of personal data protection?
1. Disciplinary responsibility of employees
Disciplinary liability can be applied to employees of the company who, by virtue of their duties, must control the processing of personal data, process them and fail to cope.
2. Fine
Administrative fines may be applied by the court to individuals and organizations for violations in the field of personal data. For example, for failure to protect personal data, the fine for an organization can range from 20 to 50 basic units. Taking into account the fact that the base value is 37 rubles, the amount of the fine can be from 740 to 1850 rubles. Court decisions can be appealed within 10 days from the date of the announcement.
3. Compensation for damage
In court, you can claim compensation for damage caused to individuals during the processing of their personal data. The victim of the actions or omissions of the personal data operator has the right to compensation for damages and moral damage. Before going to court, it makes sense to offer a person or organization in writing to voluntarily compensate for the damage. It is possible that the operator or his employee will voluntarily pay the requested amount. Otherwise, the amounts of damages and moral damage are recovered in court. Our experienced lawyers can accompany the news of the recovery process or organize a defense.
For comparison, the GDPR provides only fines for violations in the protection of personal data and their leakage.
Contact us
If you have any questions about the personal data in the Republic of Belarus – we will be happy to help you! Our long-term experience in this field will help you in resolving any disputes.
Phone and email communication options are available for your convenience:
- +375293664477 (WhatsApp/Telegram/Viber);
- info@ambylegal.by.
