Or can not notify about the processing of personal data?

Part one of Article 22 of the Federal Law of July 27, 2006 No. 152- “On Personal Data” (hereinafter referred to as the Law) provides for the obligation of the operator processing personal data to notify the Roskomnadzor body before processing. Immediately (in the second part of the article), the Law suggests the grounds on which the operator has the right not to notify about the processing. These cases are quite common. But since the Law does not prohibit notifying even if there are such cases, a number of operators choose to follow the notification path. It may be worth not to send a notification, or even think about how to get under the "exceptions". There are at least 3 reasons for this.

It is difficult to answer the question “Why?” For all those who decided to send a notification to the Roskomnadzor body if it was possible not to do it. Of course, one cannot exclude marketing campaigns (image, openness). Nevertheless, in a number of cases they are informed out of ignorance or on the basis of the posture “It is better to outbid”. I would like to draw attention to the well-known right of the operators processing personal data not to notify Roskomnadzor authorities about the processing and here for this are several reasons.

1. The person who submitted the notification of the processing of personal data must bear the burden of constantly updating the information submitted. This duty is foreseen in p.7. Art. 22 of the Act. If the operator processing personal data does not submit a notification about the change in information (changing the operator’s address, changing the categories of personal data that are processed, changing the person responsible for processing personal data and his contacts, etc.), then he may be held administratively liable. It would seem that difficult: something changed in the organization, picked up and sent a little letter. As practice shows, in most cases this is forgotten. For example, those who have risen to the Register (all those who have submitted a notice of processing are included in the Register) of operators who process personal data before July 1, 2011 were required to send in addition, by January 1, 2013, the information provided for in paragraphs 5, 7.1, 10 and 11 of 3 of Article 22 of the Law (legal basis for the processing of personal data, the name of the responsible, etc.). As can be seen from the register of operators of personal data of Roskomnadzor, more than half of the operators have not done so to date. The idea that all these organizations did not have any internal changes related to the processing of personal data is also doubtful. I suggest that you also think about whether you will keep up to date with the Registry in the long term if there is a possibility not to do this at all?
2. Roskomnadzor's authorities plan the checks of operators processing personal data using a departmental unified information system - the ENI . All operators who have submitted notifications are already in it, and therefore, the probability of hitting the audit plan increases many times. Organizations checked by Roskomnadzor in other areas (communication services, radio stations, media, broadcasting) are automatically checked for compliance with personal data legislation, if they have notified Roskomnadzor of the processing.
3. If the personal data operator decided to notify the Roskomnadzor authority about the processing, although it had the right not to do this, then it could not be excluded from the Register for the reason that it could not notify at all. This possibility is not provided for by the Law or by the corresponding Administrative Regulations. Rather, it is provided only for general reasons.

If you were going to send a notification, but the above has hooked you with something, the general guidelines are simple.

1. Carefully read (realize) Part 2 of Art. 22 of the Federal Law of the Russian Federation dated July 27, 2006 N 152- “On Personal Data”.
2. See what personal data and in connection with which are processed by you.
3. In some cases, you may need to adjust your work with personal data carriers. I will give an example that it would be clear what I mean.

One of the possibilities not to notify on the processing of personal data provided for in paragraph 2 of Part 2 of Art. 22 of the Law sounds like this

received by the operator in connection with the conclusion of a contract to which the subject of personal data is a party, if personal data is not distributed, and is not provided to third parties without the consent of the subject of personal data and is used by the operator solely for executing the said contract and concluding contracts with the personal data

So, you have concluded a contract with an individual for some kind of service. They took a mobile phone number from a person to indicate that the service is ready. In most cases, the mobile phone number is not needed for the purposes of the contract. If a mobile phone number is taken from a client, his consent to the processing of personal data is required. However, in this case, you do not fall under the exception in the Law, which allows you not to be notified about the processing of personal data.
If in the contract with this natural person to prescribe the need to have a mobile phone number for the purposes of executing the contract, then you are already claiming the right to fall under the exception.
To beat the need to have a mobile phone number for the purposes of contract execution can be something like this: “The organization undertakes to notify the client by phone number x ... x about readiness ...”.