Penalties for Violation of Data Localization Rules are Increased

image.png

On 2-nd December 2019, a new law introducing fines for non-compliance with the personal data localization requirement came into force. The law applies both to international and local companies. Those which fail to process Russian citizens’ data in proper ways could be fined up to ₽6 million (approximately 97,100 USD).

The original penalty for non-compliance with the Data Localization Rules was limited to blocking the data operator’s website processing personal data of Russian citizens. The new penalties feature financial penalties as well as extend responsibility to executives of the data operator (company General Director, or CEO).

Fines for the non-compliance

Offender

First-time offence

Repeated offence

Legal entity

₽ 1 000 000 – 6 000 000

(USD 16 000 – 94 000)

₽ 6 000 000 – 18 000 000

(USD 94 000 – 282 000)

Responsible manager

₽ 100 000 – 200 000

(USD 1600 – 3 200)

₽ 500 000 – 800 000

(USD 8 000 – 12 500)


Cloud4Y advise all companies handling Russian personal data to review their compliance. Build a reliable secure infrastructure compliant with Russian Federal Law FZ 152. Secure Cloud by Cloud4y will help to reduce the risks of being fined.