Fines for Personal Data Violations in Russia Increase as of July 1, 2017

On January 27, 2017, Bill No. 683952-6 on Amendments to the Code of Administrative Offences of the Russian Federation [1] was adopted in the third reading by the State Duma of the Russian Federation (“Bill”).

The Bill provides for tiering and a five to ten times increase of fines for violation of personal data laws for individuals, company officers and legal entities. [2] Although the increase of fines is still unsubstantial, it shows governmental attention to personal data protection in Russia and demonstrates the tendency towards tightening the rules in this sphere.

In particular, the Bill provides for the following fines:

  • Processing of personal data inappropriate for the objectives of personal data collection will lead to the imposition of an administrative fine on company officers ranging from RUB 5,000 (approx. USD 83.00) to RUB 10,000 (approx. USD 167.00), and on legal entities ranging from RUB 30,000 (approx. USD 500.00) to RUB 50,000 (approx. USD 833.00);
  • Processing of personal data without the consent of the subject of the personal data where such consent was required under the law [3] or failure to comply with the requirements for the mandatory information to be included in a written personal data processing consent [4] will lead to the imposition of a fine on company officers ranging from RUB 10,000 (approx. USD 167.00) to RUB 20,000 (approx. USD 333.00), and on legal entities ranging from RUB 15,000 (approx. USD 250.00) to RUB 75,000 (approx. USD 1,250.00);
  • Failure by the personal data operator to publish its personal data processing policy or otherwise make it publicly available will lead to the imposition of an administrative fine on company officers ranging from RUB 3,000 (approx. USD 50.00) to RUB 6,000 (approx. USD 100.00), and on legal entities ranging from RUB 15,000 (approx. USD 250.00) to RUB 30,000 (approx. USD 500.00);
  • Failure by the personal data operator to provide information to the personal data subject relating to the processing of his/her personal data [5] will lead to the imposition of an administrative fine on company officers ranging from RUB 4,000 (approx. USD 67.00) to RUB 6,000 (approx. USD 100.00), and on legal entities ranging from RUB 20,000 (approx. USD 333.00) to RUB 40,000 (approx. USD 667.00).
  • Failure by the personal data operator to comply within the prescribed period with a request to update or block or delete personal data where such personal data are incomplete, not up to date or inaccurate, or were obtained on nonlegal grounds, or are not appropriate for the specified objectives of the processing will lead to a fine on company officers ranging from RUB 4,000 (approx. USD 67.00) to RUB 10,000 (approx. USD 167.00), and on legal entities ranging from RUB 25,000 (approx. USD 471.00) to RUB 45,000 (approx. USD 750.00).
  • Failure by the personal data operator that carries out non-automated processing of personal data to ensure security of any material media containing such personal data or to prevent unauthorised access thereto if this has resulted in unauthorised or accidental access to such personal data; the destruction, modification, blocking, copying, provision or dissemination of such personal data; or any other unauthorised acts in respect of such personal data will lead to the imposition of an administrative fine on company officers ranging from RUB 4,000 (approx. USD 67.00) to RUB 10,000 (approx. USD 167.00), and on legal entities ranging from RUB 25,000 (approx. USD 417.00) to RUB 50,000 (approx. USD 833.00);
  • Failure by a governmental authority or municipal body to depersonalise personal data or to comply with the existing requirements or procedures for depersonalisation of personal data will lead to a warning or imposition of an administrative fine on officials ranging from RUB 3,000 (approx. USD 50.00) to RUB 6,000 (approx. USD 100.00).

After the Bill is approved by the Federation Council and signed by the Russian President, the new fines become effective as of July 1, 2017.

By Dmitri V. Nikiforov, Partner, Anna V. Maximenko, International Counsel, Elena M. Klutchareva, Associate, Debevoise & Plimpton
  1. Information on the Bill is available at http://asozd2.duma.gov.ru/main.nsf/%28Spravka%29?OpenAgent&RN=683952-6&02.
  2. Pursuant to the current version of Article 13.11 of the Code of Administrative Offences of the Russian Federation (the “Code”), failure to comply with the procedure for collection, storage, use or dissemination of personal data set forth by the law may lead to the imposition of an administrative fine on company officers ranging from RUB 500 to RUB 1,000, and on legal entities ranging from RUB 5,000 to RUB 10,000.
  3. E.g., written consent for processing of personal data is required for cross-border transfer of personal data to a jurisdiction that does not provide for adequate protection of rights of personal data subjects (Article 12 of Federal Law No. 152-FZ on Personal Data dated 27 July 2006) (the “Personal Data Law”).
  4. Such information is specified in Article 9 of the Personal Data Law.  
  5. A list of such information is provided in Article 14 of the Personal Data Law.