Stanislav Rumyantsev
-
8 September 2023
This Q&A guide gives a high-level overview of the data protection laws, regulations, and principles in the Russian Federation, including the main obligations and processing requirements for data controllers, data processors, and other third parties. It also covers data subject rights, the supervisory authority's enforcement powers, and potential sanctions and remedies. It briefly covers rules applicable to cookies and spam.
Read more -
8 September 2023
A Q&A discussing obligations for private-sector data controllers in the Russian Federation to notify, register with, or obtain authorization from the data protection authority under the Russian Federation's comprehensive data protection law before processing personal data. It also discusses any requirements for data controllers to appoint a data protection officer (DPO) and any applicable notification or registration obligations relating to DPO appointments.
Read more -
17 March 2023
On 1 March 2023, amendments to article 12 of the Federal Law on Personal Data No.152-ФЗ dated 27 July 2006 (PDL) established transfer impact assessments and filings with the data protection authority as the pre-conditions for cross-border personal data transfers. In certain cases, Russia may suppress outgoing data flows in an extra-judicial procedure. This article outlines the legislative changes and suggests how the affected companies should comply.
Read more -
2 September 2022
In Summer 2022, Russia significantly amended its Personal Data Law. This article outlines the key amendments and provides guidance on how businesses can ensure their compliance.
Read more -
10 December 2021
On 22 November 2021, Russia registered 13 IT corporations, including Google, Apply, Zoom, Twitter and TikTok, which must open offices in Russia by 2022 and comply with the recently adopted onshoring law. Other internet businesses should stay on alert since the law may still apply to them.
Read more -
16 July 2021
On 1 July 2021 a new law requiring online businesses to obey the national laws and register with the Russian authorities took effect. By the end of 2021, internet companies must open offices in Russia.
Read more -
5 May 2021
This country-specific Q&A provides an overview of Data Protection & Cyber Security laws and regulations applicable in Russia.
Read more
For a full list of jurisdictional Q&As visit here -
23 February 2021
Beginning March 1, 2021, Russia will impose restrictions on the processing of personal data publicly available on the internet and offline. The legislative changes are aimed at fighting the uncontrolled dissemination of personal information.
Read more -
12 February 2021
The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('the Law on Personal Data') both aim to guarantee protection for individuals' personal data and apply to organisations that collect, use, or share such data. Both laws share similar provisions, for example, in relation to legal basis for processing. However, the Law on Personal Data differs from the GDPR in some significant ways.
Read more -
10 February 2021
From 1 January 2021, Russia-based employers must comply with new requirements regarding their remote employees. The amendments to the Labour Code triggered by the COVID-19 pandemic significantly change the work management of many companies. This article highlights some of the new rules and provides employers with guidance on their next steps.
Read more -
10 December 2019
On 02 December 2019, Russia put into effect a new law introducing hefty fines for non-compliance with the personal data localization requirement. The law may affect international and local companies who fail to process Russian nationals’ data in certain ways within the borders of that country.
Read more -
21 June 2019
Stanislav Rumyantsev of Gorodissky & Partners discusses recent case law in relation to web analytics and cookies
Read more -
1 March 2019
On 30 January 2019 a website owner appealed a judgment of the Tagansky First-Instance District Court of Moscow – which had restricted access to a website due to personal data breaches – to the Moscow City Court (02-4261/2018).
Read more -
13 February 2019
The Council of Europe ('CoE') issued a Protocol ('the Protocol') Amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ('Convention 108') in October 2018. The signing of the Protocol by Russia may facilitate cross-border transfers of personal data between Russia and other signatories of Convention 108. Stanislav Rumyantsev, Senior Lawyer at Gorodissky & Partners, discusses the differences between Russian data protection law and that of the EU, and the amendments Russia may need to make in order to harmonise its laws with the provisions of Convention 108.
Read more -
18 September 2018
The EU General Data Protection Regulation (GDPR) applies internationally and can encroach on the national laws of non-EU countries. In Russia, international companies must fulfil the requirements of both the GDPR and local laws, even though they may contradict each other. This article sets out practical solutions to the main data privacy compliance challenges in Russia.
Read more