Federal Law No. 19-FZ dated February 24, 2021 amending Article 13.11 of the Code of Administrative Offenses was published on February 24, 2021. Under this new law, fines for violation of personal data laws have been increased twofold, and repeated violations are deemed separate sets of offenses.
The limitation period for offenses related to personal data has been increased from three months to one year (Article 4.5(1) of the Code of Administrative Offenses).
More information about the changes introduced by the new law:
Offense | Current law | New law as amended (effective from March 27, 2021) |
Processing of personal data in cases not provided by Russian law, or processing of personal data for purposes other than personal data collection.
First time | Warning or fines: | Fines: |
Repeated violation | Are not deemed separate offenses | Fines: |
Processing of personal data without the written consent of data subject to process his/her personal data when such consent must be obtained under Russian law, or processing of personal data in violation of the requirements for the information included in such consent.
First time | Fines: | Fines: |
Repeated violation | Are not deemed separate offenses | Fines: |
Failure by the operator to meet within the deadlines set out under Russian law the requirements provided for data subjects or their representative or authorized body for protection of the rights of data subjects to rectify, block, or destroy their personal data if personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated processing purposes.
First time | Warning or fines: | Fines: |
Repeated violation | Are not deemed separate offenses | Fines: |
Failure by the operator to fulfill the obligation provided by Russian law to publish or otherwise provide unrestricted access to the document defining the operator’s policy on personal data processing or to information on the requirements implemented to protect personal data. | Warning or fines: | Fines: |
Failure by the operator to fulfill the obligation provided by Russian law to provide data subjects with information about personal data processing. | Warning or fines: | Fines: |
Failure by the operator upon processing of personal data without automation tools to comply with the conditions ensuring under Russian law the safety of personal data when stored on physical media and excluding unauthorized access to personal data if this entailed illegal or accidental access to personal data, their destruction, modification, blocking, copying, provision, dissemination, or other unlawful actions. | Fines: | Fines: |
Failure by an operator, which is a state or municipal body, to fulfill the obligation provided by Russian law to depersonalize personal data or non-compliance with the set requirements or methods for personal data depersonalization. | Warning or fines of RUB 3,000-6,000 for company officers. | Fines of RUB 6,000-12,000 for company officers. |
Our support
We offer advice on personal data law, help drawing up all necessary documents, and can also conduct audits of IT infrastructure.
info@konsugroup.com