New liability and fines for violations related to the processing of personal data

New liability and fines for violations related to the processing of personal data

On July 1, 2017, the new amendments to the Administrative Offences Code of the Russian Federation (the Administrative Code) related to the processing of personal data will come into force. The Russian Government increased the fines and also extended grounds for bringing to administrative liability by these amendments.

The current version of the Administrative Code establishes a general liability for the violation of the procedure of the collection, storage, use or dissemination of personal data. The companies and citizens who break these requirements will be notified (administrative notification) by Roscomnadzor or will be charged with the following administrative fines:

  • For citizens from 300 to 500 rubles;
  • For officials from 500 to 1,000 rubles;
  • For legal entities from 5 000 to 10 000 rubles.

The new version of the Administrative Code provides for 7 specific offenses and administrative liability for each offense. In accordance with the new version of the Administrative Code the following liability is established:

Table Personal Data

Please note that in accordance with the law, processing of personal data is an any action with personal data performed with or without IT-equipment (such as collection, recording, storage, clarification, extraction, use, transfer, including distribution, provision and access). The operator is a person who organizes or carries out the processing of personal data.

According to the current agenda of the Russian Government, increasing technical capabilities to collect and process personal data, developing e-commerce, make it necessary to attract attention and take measures to protect personal data. In this regard, special attention should be paid to companies that process personal data using the Internet, local and corporate databases, CRM systems, websites, including feedback forms.

It is also necessary to take into account the requirement of the Law on localization of personal data of Russian citizens on the territory of Russia, which came into force in 2015. The essence of these requirements is to prohibit the collection and storage of personal data of Russian citizens abroad. Companies processing personal data of Russian citizens are required to localize such databases on the territory of Russia. These requirements, as a rule, cause great difficulties and additional significant expenses for international and foreign companies operating in Russia. The databases of such companies are used by their subdivisions, branches, representative offices and affiliated companies in different countries.

TPG-Legal is ready to offer optimized legal solutions that will allow you to carry out activities in accordance with the requirements of the law, as well as to avoid significant expenses related to their technical support.

Prior to the entry into force the new fines, there is still time to verify compliance with legal requirements for the processing of personal data. TPG-Legal is ready to provide you with qualified legal support, audit for compliance with the new requirements and prepare all the necessary documents taking into account the specifics of your company’s activities. Based on the many years experience of our team in this field, we are ready to offer you solutions tested by practice, as well as solving individual problems and issues.