Russia is tightening penalties in the field of personal data protection. The potentially significant fines that lay ahead go to confirm that Russian companies and foreign companies which are active on the Russian market should take personal data compliance seriously.
On 24 February 2015, the State Duma passed in the first reading, a bill amending the Russian Code on Administrative Offences (the “Bill”) (attached). The Bill proposes to (i) replace the generally worded administrative offence of breach of personal data law by several more clearly defined offences and (ii) substantially increase the corresponding fines. As can be seen from the summary table below, more serious breaches may automatically give rise to fines when the infringement is detected, whilst for less serious breaches a warning may first be served on the offending company. Corporate officials may also be held liable for the breaches of the personal data operator (however, we have not included the applicable fine ranges in our summary table).