Russia: Increase in fines for data protection offences
Written By
Partner
UK
I'm a partner and head of Bird & Bird's Russia Desk in London, offering over fifteen years of practical experience as a Russian qualified lawyer and native speaker to businesses entering and working in the Russian market and advising Russian companies in their outbound activities.
On 7 February 2017, the Russian President signed a law to increase the amount of fines for data protection administrative offences which will come into effect on 1 July 2017 (the "Law").
Currently, the Russian Code of Administrative Offences envisages low fines for non-compliance with the statutory requirements to the data processing. The fines are usually imposed on both a company and its officer in the amount of, depending on the exchange rate, up to GBP134/USD167/Euro156 and GBP13/USD17/Euro16 respectively.
In accordance with the Law, all data protection offences committed by a company are divided into six categories which envisage separate fines for each category of the offences. Such categories include offences which, depending on the exchange rate, may amount to the fines imposed on the company and its officer as provided below:
The Law entitles the Russian DPA to investigate the administrative offences falling into the above categories directly. The latter is likely to facilitate quicker enforcement and higher number of the offences resulting in imposing of the fines. Currently, the Russian DPA is required to provide information relating to a company's breach to a public prosecution office which is entitled to investigate an offence and then pass on the matter to court for imposing of a fine.
Latest insights
More Insights
A game-enhancer, not a game-changer: key takeaways on the new UAE Media Law penalties
5 minutes Jun 10 2025
