Financial Crime World

Russian Law Requires Data Operators to Bear Liability for Data Breaches

Strengthening Data Privacy Protections in Russia

In a significant move aimed at enhancing data privacy protections in the country, Russian authorities have announced that data operators will be held liable for any breaches of personal data. This new regulation is expected to come into effect on [insert date] and apply to all data operators operating in Russia.

Key Requirements for Data Operators

  • Data Storage: All personal data of Russian citizens must be stored within the country’s borders, in servers, IT systems, databases or data centres located in Russia.
  • International Transfers: International transfers of personal data are only permitted if the recipient country provides adequate protection for the rights and interests of the data subject. Written consent from the data subject is also required before transferring their personal data to a foreign country.

Consequences of Non-Compliance

  • Administrative Liability: Failure to comply with these regulations can result in administrative liability, including fines and other penalties.
  • Liability for Damages: Data operators will be responsible for any damages caused by breaches of personal data, including financial losses and reputational harm.

Enforcement Powers Enhanced

Russia’s national regulator, Roskomnadzor, has announced plans to increase its enforcement powers to ensure compliance with the new regulations. The agency’s expanded responsibilities include:

  • Requests for Information: Sending out requests to individuals and legal entities to obtain necessary information on data processing.
  • Inspections: Carrying out inspections to ensure compliance with data protection legislation.
  • Rectification of False Data: Rectifying or blocking false or illegally-obtained personal data.
  • Limiting Access: Limiting access to data that is processed in breach of the data protection legislation.
  • Suspension or Termination: Suspending or terminating the processing of personal data that has been initiated by a breach of data protection legislation.

Conclusion

The new regulations are aimed at protecting the rights and interests of Russian citizens and ensuring that their personal data is handled securely and transparently. The move is seen as a significant step forward in Russia’s efforts to strengthen its data protection laws and ensure compliance with international standards.