In 1980, the Organisation for Economic Co-operation and Development (OECD), which sed to establish a comprehensive data protection system across Europe, published its “Council recommendations on privacy guidelines and cross-border flows of personal data.”  The seven principles of the OECD`s privacy recommendations were: in February 2008, Jonathan Faull, the head of the EU`s internal commission, complained about the US bilateral policy on PNR data.  In February 2008, the United States signed a Memorandum of Understanding (MOU) with the Czech Republic in exchange for a visa-free regime, without first consulting Brussels.  Tensions between Washington and Brussels are mainly due to the lower level of data protection in the United States, especially since foreigners do not benefit from the US Privacy Act of 1974. Other countries eligible for bilateral Memorandums of Understanding were the United Kingdom, Estonia (Germany) and Greece.  3.6 In order to transmit personal data outside the Russian Federation, the operator must generally ensure, prior to this transmission, that the rights of those concerned in the destination country are adequately and sufficiently protected. In 1989, German reunification revealed data collected by the Stasi in the GDR, which increased the demand for privacy in Germany. At that time, West Germany already had access protection laws (federal data protection law) since 1977. The European Commission has recognised that different data protection rules between EU Member States are impeding the free flow of data within the EU and has therefore proposed the Data Protection Directive. In most cases, the Federal Telecommunications Service is responsible only for data stored or processed in Russia. Nevertheless, the legal effects of Russian data protection legislation apply to data already transmitted outside Russia when the rights of persons whose personal data was collected and processed with devices in Russia were violated before or during such a transfer (for example. B, an operator has transmitted personal data to a country where personal data is not adequately protected without the prior consent of a person concerned). In this case, the Federal Telecommunications Office may take action against the operators in order to protect the rights of persons with personal data and to impose fines for violating the Data Protection Act. The legislation gives personal persons certain rights to personal data held about them.
These include: to prove compliance with the RGPD, the person in charge of the processing must take measures in accordance with the principles of data protection by design and by default. Article 25 provides that data protection measures are taken into account in the development of business processes for products and services. Among these measures is the pseudonymization of personal data by the person in charge of processing as soon as possible (considering 78). It is the responsibility and responsibility of the processor to take effective action and demonstrate compliance with processing activities, even if the processing is carried out by a data processor on behalf of the processor (point 74).  3.4.2 The purpose and legal reasons for the handling of personal data; Personal data should not be processed at all unless certain conditions are met.