Page 1:

RA MINISTRY OF JUSTICE
PERSONAL INFORMATION PROTECTION
AGENCY

OF STATE AUTHORITIES
PERSONAL
DATA PROCESSING
GUIDE:

YEREVAN, 2019

Page 2:

This guide is intended for the protection of personal data.
Define a state based on the provisions of the law of the Republic of Armenia
Instructions for the processing of personal data by authorities, including:
տվյալ Developer of security measures for processing personal data
responsibilities, personal data to other government agencies
responsible for the transfer of personal data protection,
Training on the right to privacy
About:
In this guide, the terms are used in the same sense as “Personal
in the Law of the Republic of Armenia "On Data Protection".
By the term "state bodies" we mean state
government or local government, state or
community institutions or organizations, and "state
By the term "employee of bodies" we mean the state
government or local government, state or
to community institutions or any employee of organizations:
regardless of the position (post), type of position, contract
type and other features.
1. The basis for processing personal data, envisaging data processing;
receiving data
Անձնական The processing of personal data by public authorities may
implemented: personal data can be collected, fixed,
entered, coordinated, organized, stored, used,
transformed, restored, transferred, corrected, blocked, destroyed,
or other action may be taken with them only
in cases directly defined by law (at the level of law) and
in order:
: In case it is necessary for the state body to use
From the basis of the agreement on the processing of personal data, it is necessary that:
that possibility (discretion) should also be provided
by law.
Նախագծ When drafting laws on personal data processing;
When implementing a legislative initiative, state bodies
2:

Page 3:

should be guided by the proportionality of personal data processing
principle, including:
- set a specific goal for the processing of personal data,
- Provide personal to achieve the set goal
Suitable for data processing, necessary և moderate means,
- provide the necessary to achieve the set goal
Minimum personal data processing
- do not plan to process personal data that:
are not necessary to achieve the set goal,
- do not provide for the processing of personal data, if defined
the goal can be achieved in a personalized way,
- provide for a period for the processing of personal data, which:
required (including archival storage)
to achieve the goal,
- provide for the processing of biometric personal data if:
The defined goal can be achieved only by that
by processing biometric data.
: A government agency can receive or process personal information
only in the case and in the manner directly prescribed by law.
2. Security of personal data, use of data
Ակում When processing personal data, the state body should:
be guided by the "Personal Data Protection" of Armenia
According to the provisions of Chapter 5 of the Law of the Republic.
✓ The state body and the employees of the state body are official or
in the line of duty, as well as:
their personal or personal data after its completion
Documents containing data are official or working
When used for their intended purpose, they must take the necessary technical steps
and

organizational

events,

Private:

Data:

protection against illegal use, recording, destruction,
from transformation, blocking, backup, distribution, etc.
to protect against interference. This applies as a state
the organization of the work of the employees of the body, as well as them
computer and other technical means used by
protection.
3:

Page 4:

Անձնական Processing personal data in information systems
The requirements for security are defined
By the decision of the RA Government.
Աշխատ An employee of a state body may not be an official or employee
personal entrusted to him in order to perform his duties
use the data for official or business purposes
not related to other, including personal purposes.
✓ If the employee of the state body is official or working
containing personal data or containing personal data
When using documents it is necessary to use personal (no
official) technical means (including telephone, computer
etc.), then the employee of the state body is a personal technician
should provide the same protection for funds as
is provided for official technical means. Opposite
in case of personal technical means of service or:
personal for work responsibilities
data processing is prohibited.
✓ If a government employee needs to consult other people
(including another employee or employee of another body) և that
for the purpose of transfer must be official or working
entrusted or known to him for purposes and not publicly available
Documents containing personal data, then a state body
The employee should be guided by "Personal Data Protection
According to the provisions of Chapter 5 of the Law of the Republic of Armenia "On
in particular, to transfer the data to another department in person
in the minimum quantity required for lawful purposes
to achieve.
Աշխատ Public body employee Electronic document circulation
When using a system (for example, "Mulberry" system) you should:
restrict access to other employees or
entrusted or known to him for work purposes and not
Documents containing publicly available personal data:
containing personal data through system settings
making the documents available only in that volume and that
employees who are out of their job responsibilities
can or should be related to the document.
4:

Page 5:

Աշխատ An employee of a state body, official or working
entrusted or known to him for purposes and not publicly available
to prevent the leakage of personal data, should not be sidelined
to persons (including other employees of the state system)
Electronic document management system (for example, "Mulberry"
system) login details: login name and
password:
Ագայում In case of dismissal of a state employee
necessary:

is:

block:

data

person:

Electronic:

The personal page of the document management system, by him other
system from technical equipment and personal purposes
to prevent access.
Կանոն The above rules also apply to material media (including:
by paper version) or by e-mail official or
Entrusted to an employee of a state body for work purposes
or known and inaccessible personal data
Restriction of access: material carrier or electronic
by means of access to mail. In particular, state
The employee of the body must use the official e-mail (if:
if available) or from an email that provides
Adequate level of data protection, e-mail
Do not provide login and password to other persons, personal data
Store the containing material in the office (desktop)
so as to prevent the leakage of personal data (documents
in a lockable drawer at the moment, when absent from the office or other persons
Do not leave documents containing personal data when accepting
in a visible place, etc.).
3. Confidentiality of personal data
Ական Personal information is not a secret in itself.
Ական Personal data may be transferred to third parties or otherwise
made available only through laws, including "Information
provided by the Law of the Republic of Armenia on Freedom
cases and procedures.
Անձնական Personal data under the direction of a state body
access to third parties or the availability of that data
5:

Page 6:

restrict personal data if necessary or
Documents containing personal data must be classified
as a secret.
✓ The state body and the employees of the state body are obliged
maintain inaccessible or inaccessible to third parties
data privacy as with personal data processing
related service or work responsibilities
during and after its completion.
4. Transfer of personal data to other state bodies
Անձնական Personal data under the management of a state body Other
can be transferred to state bodies only by law
in directly intended cases.
Անձնական Personal data under the direction of state bodies
can only be transferred to foreign state bodies
within the framework of ratified international agreements.
Անձնական Personal processing in the databases of state bodies
The procedure for transferring data electronically is defined in the Republic of Armenia
by government decision.
5. Responsible for personal data protection
Պաշտպանության Personal data protection and security
for the state body means personal data
Defense Officer
Ատու Responsible for personal data protection
personal data in case of not appointing an official
The head of a state body is responsible for defense
or the Secretary-General, as the case may be.
Ատու Responsible for personal data protection
official:
- Provides "Privacy Policy"
Personal defined by the law of the Republic of Armenia
performance of data processor responsibilities
- Ensures the connection of the state body with personal data
with the authorized body of defense, including organization

6:

Page 7:

Advice on personal data processing
receipt
- Forms and personal data protection authorized body
Introduces personal data protection to the manager
list of representatives of the state body for training
- Provides protection of personal data
Answers to citizens' inquiries and other writings
if necessary, submit them to personal data
in the opinion of the authorized body of defense,
- implements personal data by a state body
other necessary development measures.
Ատու Responsible for personal data protection
Contact details of the official (e-mail:
address, telephone number) are posted on the given state body
on the official website.
6. On the right to protection of personal data
training of state employees
Մարմնի Public body related to personal data processing
Employees must be regular (not less than three years)
once) training in personal data protection
on:
: The training is carried out by the authorized personal data body
according to the schedule and topics set by
Նախաձեռն At the initiative (proposal) of a state body and personally
may be carried out with the consent of the authorized data body
State on the right to protection of personal data
Quantity and topics necessary for the body.

7:


