Russia: Federation Council adopted Bill on Amendments to the Code of the Russian Federation on Administrative Offences including penalties for personal data violations (Bill no. 782240-8)

On 27 November 2024, the Federation Council adopted the Bill on Amendments to the Code of the Russian Federation on Administrative Offences, including penalties for personal data violations (Bill no. 782240-8). The Bill establishes rules on administrative penalties for violations related to the processing and protection of personal data. It allows fines imposed on credit institutions to be calculated based on the amount of their own funds (capital), with a maximum threshold set at 3% of this value. The Bill also introduces a new provision enabling courts to reduce the amount of administrative fines for certain violations of personal data legislation, provided that the company under investigation fulfils a defined set of conditions prior to the issuance of a penalty. These conditions include evidence of the operator’s annual expenditure over the previous 3 years and actions taken to bring data processing into compliance. In such cases, the fine may be reduced to one-tenth of the minimum penalty established for the offence, but must still fall within the range of no less than RUB 15 million and no more than RUB 50 million.