For whom
For companies that have a website, application forms, mailings, CRM, HR processes, personal accounts, application processing, AI tools or integrations related to personal data.
What we check
Forms, checkbox consents, personal data policy, absence of cookies and trackers, application storage, integration with CRM and instant messengers, access rights, consent log for voluntary requests, DSAR process, AI processing and backend logs.
What we do
We are preparing a list of risks, documents, requirements for frontend/backend, consent-log architecture, subject application form, rules for the absence of cookies/trackers, recommendations for storing and deleting data.
Artifacts
Personal data policy, consent, no-cookie and no-tracker policy, DSAR page, form and backend requirements, implementation checklist and list of questions for legal review.
Important
We do not promise "full compliance" without auditing a specific environment. The correct wording: “we help bring the site and processes to the requirements of Federal Law No. 152-FZ.”
First step
Express audit of the site and forms: what data is collected, where it is stored, what consents are available, what documents are published and how consent is recorded.
Risks and limitations
Before launch, the boundaries of the environment, data sources, information security requirements, access roles, integrations, process owners and operational restrictions are fixed. This reduces the risk of a formal implementation that does not work in the customer's actual architecture.
Result Artifacts
- description of the business problem and success criteria;
- target architecture or process design;
- integration and data requirements plan;
- list of risks, restrictions and control points;
- roadmap of implementation, pilot or development.
Frequently asked questions
When should the solution be launched?
When a task is repetitive, impacts risk or money, and requires linking multiple systems, data, or teams.
Is it possible to start with the pilot?
Yes. The pilot helps test the hypothesis, data, integrations and constraints before production implementation.
What restrictions are fixed in advance?
Access, data, regulation, timing, integration, operation, process owners and acceptance criteria.
Partner solutions for protecting personal data
In projects under Federal Law No. 152-FZ, RESTART can assemble a technological environment from solutions for protected workstations and servers, CIPF, firewalling, DLP, DBF/DAM, masking and access control. Depending on the architecture, Security Code, Confident, InfoTEX, UserGate, DAMASCUS, Garda, InDEED and Kaspersky are applicable.
Security code
regulatory information security, NGFW, VPN, endpoint, virtualization
Confidential
NSD, trusted download, VI, WAF, regulatory projects
InfoTEX
CIPF, VPN, crypto gateways, HSM, PKI, CII
UserGate
NGFW, SUMMA, SIEM, LogAn, Client, SecaaS
DAMASCUS
masking, tokenization, dynamic data protection
Garda
DLP, DBF, Data Masking, NDR, WAF, Anti-DDoS
InDEED
Identity Security, IAM, PAM, ITDR, MFA, IdM
Kaspersky
endpoint, EDR/XDR, KATA, threat intelligence
Partners are listed as the technology backbone of the solution class. The specific composition of products, versions, licenses, certificates and delivery conditions are confirmed before the project.
Let's discuss your environment
Describe the task, current systems, constraints, and expected results. We will offer a practical first step: diagnostics, pilot, audit, roadmap or project team.
