Russia: Adopted Bill by the State Duma amending the Code of Administrative Offences including fines for noncompliance with cybersecurity measures resulting in data breaches (Bill No. 502104-8)

Description

Adopted Bill by the State Duma amending the Code of Administrative Offences including fines for noncompliance with cybersecurity measures resulting in data breaches (Bill No. 502104-8)

On 27 November 2023, the Bill amending the Code of Administrative Offences of the Russian Federation, including fines for noncompliance with cybersecurity measures resulting in data breaches (Bill No. 502104-8), was adopted by the Federal Council. The Bill introduces obligations for operators to notify the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) in the event of personal data breaches and reduces exceptions allowing data processing without notification. The Bill imposes fines for failing to notify personal data processing, ranging from RUB 100,000 to 300,000, with higher fines for unlawful data transfers (up to RUB 10 million). Data breaches result in fines based on the volume of leaked data, ranging from RUB 3 million to 10 million, with repeated violations leading to fines of up to 3% of annual revenue, capped at RUB 500 million.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2023-12-04
under deliberation

On 4 December 2023, the Bill amending the Code of Administrative Offences of the Russian Federatio…

2024-11-27
adopted

On 27 November 2023, the Bill amending the Code of Administrative Offences of the Russian Federatio…