Russia: Increase in fines for data protection offences

By Anna Shashina


On 7 February 2017, the Russian President signed a law to increase the amount of fines for data protection administrative offences which will come into effect on 1 July 2017 (the "Law"). 

Currently, the Russian Code of Administrative Offences envisages low fines for non-compliance with the statutory requirements to the data processing. The fines are usually imposed on both a company and its officer in the amount of, depending on the exchange rate, up to GBP134/USD167/Euro156 and GBP13/USD17/Euro16 respectively. 

In accordance with the Law, all data protection offences committed by a company are divided into six categories which envisage separate fines for each category of the offences. Such categories include offences which, depending on the exchange rate, may amount to the fines imposed on the company and its officer as provided below:

The Law entitles the Russian DPA to investigate the administrative offences falling into the above categories directly. The latter is likely to facilitate quicker enforcement and higher number of the offences resulting in imposing of the fines. Currently, the Russian DPA is required to provide information relating to a company's breach to a public prosecution office which is entitled to investigate an offence and then pass on the matter to court for imposing of a fine.