phone icon+7 (495) 649-87-12
divider

Changes concerning liability for the breach of rules of personal data processing


On 7 February 2017 the President of the RF signed the law, adjusting provisions concerning liability for violation of personal data legislation. The law enters into force on 1 July 2017.

The law provides for seven diversified offences in violation of personal data legislation instead of one.

Update

Section 13.11 of the Administrative Offences Code of the RF

Offence:

Personal data processing in violation of the range of information provided for in the Russian legislation or incompatible with the purposes of personal data collection in the absence of elements of a crime unless it falls under the offense mentioned below

Liability:

Caution or Penalty
• On individuals – 1000 – 3 000 rubles (≈ 16 – 48 euros)
• On civil servants – 5 000 – 10 000 rubles (≈ 81 – 162 euros)
• On legal entities – 30 000 – 50 000 rubles (≈ 486 – 810 euros)


Offence:

Personal data processing without the owner’s consent when such consent is mandatory in the absence of elements of a crime or personal data processing in violation of requirements established by the laws of the RF for the contents of owner’s consent

Liability:

Penalty
• On individuals – 3 000 – 5 000 rubles (≈ 48 – 81 euros)
• On civil servants – 10 000 – 20 000 rubles (≈ 162 – 325 euros)
• On legal entities – 15 000 – 75 000 rubles (≈ 243 – 1215 euros)


Offence:

Failure by the operator to publish or otherwise ensure unlimited access to the document, determining the operator’s policies in respect of personal data processing, and to the information, which refers to fulfillment of requirements to personal data protection

Liability:

Caution or Penalty
• On individuals – 700 – 1 500 rubles (≈ 11 – 24 euros)
• On civil servants – 3 000 – 6 000 rubles (≈ 48 – 97 euros)
• On sole proprietors – 5 000 – 10 000 rubles (≈ 81 – 162 euros)
• On legal entities – 15 000 – 30 000 rubles (≈ 243 – 487 euros)


Offence:

Failure by the operator to provide the personal data owner with the information concerning processing of his personal data

Liability:

Caution or Penalty

• On individuals – 1 000 – 2 000 rubles (≈ 16 – 32 euros)
• On civil servants – 4 000 – 6 000 rubles (≈ 65 – 97 euros)
• On sole proprietors – 10 000 – 15 000 rubles (≈ 162 – 243 euros)
• On legal entities – 20 000 – 40 000 rubles (≈ 325 – 650 euros)


Offence:

Failure by the operator to fulfill the demand to adjust, block or delete personal data if the personal data are incomplete, obsolete, inaccurate, if they were obtained illegally or are not essential for the declared purpose of processing

Liability:

Caution or Penalty

• On individuals – 1 000 – 2 000 rubles (≈ 16 – 32 euros)
• On civil servants – 4 000 – 10 000 rubles (≈ 65 – 162 euros)
• On sole proprietors – 10 000 – 20 000 rubles (≈ 162 – 325 euros)
• On legal entities – 25 000 – 45 000 rubles (≈ 406 – 731 euros)


Offence:

Failure by the operator during personal data processing without automated means, to ensure conditions, providing safety of personal data when storing tangible medium, and excluding unauthorized access, if it has led to wrongful or accidental access to personal data, their deletion, change, blocking, copying, provision, circulation, other wrongful acts in respect of personal data, in the absence of the elements of a crime

Liability:

Penalty

• On individuals – 700 – 2 000 rubles (≈ 11 – 32 euros)
• On civil servants – 4 000 – 10 000 rubles (≈ 65 – 162 euros)
• On sole proprietors – 10 000 – 20 000 rubles (≈ 162 – 325 euros)
• On legal entities – 25 000 – 50 000 rubles (≈ 406 – 810 euros)


Offence:

Failure by the operator, being a state or local body, to ensure depersonalization of personal data, as well as failure to meet the established requirements and methods of depersonalization of personal data

Liability:

Caution or Penalty

• On civil servants – 3 000 – 6 000 rubles (≈ 48 – 97 euros)


separator