Acsour
The President of the Russian Federation has signed a Law toughening administrative liability measures for violations in the field of personal data.
According to the amendments, starting from March 27, 2021, the new version of article 13.11 of the Code of Administrative Offenses of the Russian Federation will apply increased fines for offenses in the field of personal data (hereinafter – PD). At the same time, sanctions for such violations will be applied without the possibility of presenting a warning.
The amount of fine depends on the scope of offence. The changes are shown in more detail the table below.
| Scope of offence | Sanctions in place | Sanctions, starting from March 27, 2021 |
| Processing of PD in cases not provided for by the legislation, or processing that is incompatible with the purposes of collecting information. | Warning or administrative fine: – for officers – of 5,000 – 10,000 rubles; – for legal entities – of 30,000 – 50,000 rubles. | Administrative fine: – for officers – of 10,000 – 20,000 rubles; – for legal entities – of 60,000 – 100,000 rubles. For repeated violation, measures of punishment are increased: – for officers – a fine of 20,000 – 50,000 rubles; – for legal entities – a fine of 100,000 – 300,000 rubles. |
| Processing of PD without the written consent of the subject of the PD or processing of information in violation of the requirements for the composition of the PD. | Administrative fine: – for officers – of 10,000 – 20,000 rubles; – for legal entities – of 15,000 – 70,000 rubles. | Administrative fine: – for officers – of 20,000 – 40,000 rubles; – for legal entities – of 30,000 – 150,000 rubles. For repeated violation, measures of punishment are increased: – for officers – a fine of 40,000 – 100,000 rubles; – for legal entities – a fine of 300,000 – 500,000 rubles. |
| Failure by the PD operator to publish or otherwise provide unrestricted access to the document that defines the PD processing policy or information on information protection. | Warning or administrative fine: – for officers – of 3,000 – 6,000 rubles; – for legal entities – of 15,000 – 30,000 rubles. | Administrative fine: – for officers – of 6,000 – 12,000 rubles; – for legal entities – of 30,000 – 60,000 rubles. |
| Failure of the PD operator to provide the PD subject with information concerning the processing of its data | Warning or administrative fine: – for officers – of 4,000 – 6,000 rubles; – for legal entities – of 20,000 – 40,000 rubles. | Administrative fine: – for officers – of 8,000 – 12,000 rubles; – for legal entities – of 40,000 – 80,000 rubles. |
| The PD operator’s failure to comply with the requirements for meeting the deadlines for updating, blocking, or destroying PD in cases where they are outdated, inaccurate, incomplete, or illegally obtained. | Warning or administrative fine: – for officers – of 4,000 – 10,000 rubles; – for legal entities – of 25,000 – 40,000 rubles. | Administrative fine: – for officers – of 8,000 – 20,000 rubles; – for legal entities – of 50,000 – 90,000 rubles. For repeated violation, measures of punishment are increased: – for officers – a fine of 30,000 – 50,000 rubles; – for legal entities – a fine of 300,000 – 500,000 rubles. |
| Failure by the PD operator to comply with the conditions for storing, processing and destroying PD without using automation tools, if this led to illegal access to information, its destroying, changing, blocking, etc. | Administrative fine: – for officers – of 4,000 – 10,000 rubles; – for legal entities – of 25,000 – 50,000 rubles. | Administrative fine: – for officers – of 8,000 – 20,000 rubles; – for legal entities – of 50,000 – 100,000 rubles. |
Please be reminded that the employer has the right to receive from employees only those PD that directly relate to their labour activities (full name, date of birth, information about education, etc.). In some cases, the employee is required to obtain written consent to the processing or transfer of his or her PD.
In the matters of application of legislation on personal data, please contact specialists of Acsour Legal Department.
