Question 1: Are the employees' full name, position, e-mail address indicated in the signature at the end of the letter personal data?
Yes, as full name, e-mail address and position identify a person - it is personal data. (In accordance with paragraph 1 of Article 3 of the Federal Law of July 27, 2006 No. 152 “On Personal Data”, personal data means any information relating to a directly or indirectly identified or defined individual (subject of personal data). In our opinion, non-targeted collection of such data within the framework of business correspondence should not be considered as processing, but if this data was collected in CRM, in this case it is already processing.
Question 2: Is the photo in the personal file biometric data?
If it is an ordinary photo like, for example, a scan of a passport photo, then no. In our opinion, biometric data are those data that allow by the person's face, outlines and other things to give access to a room, application, etc. Therefore, a mere photograph will not be biometric data.
- Federal Law dated 27.07.2006 N 152 “On Personal Data”
Question 3. Is it necessary to obtain an employee's consent before publishing his/her photo in the company's social networks?
Yes, it is necessary. The law on personal data requires consent to disseminate such information that is available to a wide range of people. Consent is also required to publish data such as full name, title, etc.
- Federal Law of 27.07.2006 N 152 “On Personal Data”
Question 4: Is it necessary to hide an employee's personal data when transferring it to the archive?
The law on archiving does not require this, but we recommend marking this document as archival in internal documents. It is not necessary to delete the data, it remains in the archive and the Personal Data Protection Act does not apply to it. You can keep them in the archive, but using them for uploading to the system, sending marketing materials, etc. is prohibited under the Personal Data Protection Act.