Employee Data Privacy

Russia - Fines and Penalties

 Download as a PDF

What are the penalties for noncompliance with any applicable data protection laws?

Noncompliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.

Employers who violate data protection laws in Russia may be subject to administrative, criminal and civil penalties. Penalties may include:

  • administrative fines on legal entities and/or company officials for: (1) data processing without appropriate legal grounds or for excessive data processing; (2) data processing without written consent or in breach of requirements for written consent; (3) failure to provide easy access to the privacy policy or not having a privacy policy; (4) failure to handle a data subject’s access request; (5) failure to follow the requirements for data specification, blockage or deletion; (6) violating requirements for manual data processing, which has triggered unlawful data processing or unauthorized access; (7) violating the data localization requirement;
  • being required to terminate unlawful data processing activities by the Roskomnadzor;
  • imprisonment and criminal fines for unlawfully accessing computer information which resulted in the destruction, blockage, modification or copying of computer information, as well as for illegal disclosure of information about an individual’s private life. Criminal liability may only be imposed on individuals, such as company officials, as Russian laws do not imply criminal liability for legal entities;
  • damages to individuals, including moral damages.

Administrative penalties can range from RUB 12,000 to RUB 18,000,000 depending on the violation and whether the violation was a repeat offense.

 

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk