The Russian practice of Berwin Leighton Paisner
(BLP), an award-winning international law firm
Stay in touch on:

News & Press

1 February 2017 Tightened liability for breach of personal data laws

Draft law No. 683952-6 “On Amendments to the Russian Federation Code of Administrative Offences”

Goltsblat BLP advises that, on 27 January 2017, at the third reading, the State Duma adopted draft law No. 683952-6 determining new offences and increasing liability for breach of personal data laws. The law is to take effect on 1 July 2017.

Current Article 13.11 of the Code of Administrative Offences discusses just a single offence, i.e., breach of the statutory procedure for collecting, storing, using or distributing data relating to individuals (personal data), the maximum punishment for legal entities being RUB 10,000 (c. USD 160).

The draft law creates seven new offences with different liability for each, the maximum punishment for a legal entity being as high as RUB 75,000 (c. USD 1200) per offence:

Offence

Fine for officers

Fine for
legal entities

Personal data processing when this is not allowed by law or is incompatible with the purpose of the personal data collection

RUB 5,000–10,000

RUB 30,000–50,000

Personal data processing without written consent or in breach of the requirements on data covered by consent

RUB 10,000–20,000

RUB 15,000–75,000

Failure to publish a document determining the personal data operator’s policy

RUB 3,000–6,000

RUB 15,000–30,000

Failure to furnish a data subject with information pertaining to personal data processing

RUB 4,000–6,000

RUB 20,000–40,000

Failure to meet a personal data subject’s demands for their personal data to be updated, blocked or destroyed

RUB 4,000–10,000

RUB 25,000–45,000

Failure to comply with the requirements on personal data security where data processing is not automated, if this results in personal data being misused

RUB 4,000–10,000

RUB 25,000–50,000

Failure by a state or municipal authority to perform their obligation to anonymise personal data

RUB 3,000–6,000

––

No explanations have been issued so far as to what will constitute an offence. It is conceivable, therefore, that fines might be levied with reference to the number of persons whose personal data were processed in contravention of the law.

These developments tighten liability considerably and are designed to encourage businesses to take extra care when processing personal data.

The new law comes in the tideway of Roskomnadzor’s 1 heightened activity involving large-scale audits of personal data law compliance by various organisations. The regulator has also scheduled a multitude of audits for 2017 (information about those due in the Central Federal District is available at the territorial office website).



print email
Share:
back to list >
Send mail
Ksenia Soboleva
Marketing and communications manager
+7 (495) 287-4444
Find events
Type choose
Areas of law choose
Industry choose
Lawyer choose
Time period
© 2009-2017 Law Firm Goltsblat BLP LLP, part of the Berwin Leighton Paisner (BLP) Group, is a limited liability partnership registered in England and Wales (registered number OC340589). Registered office: Adelaide House, London Bridge, London EC4R 9HA, United Kingdom. Winner - International Law Firm of the Year legal500 top ranked
BLP

All fields are required

CAPTCHA