We understand that the Russian Data Protection Authority (“Roscomnadzor") announced this spring its strategy towards data protection which will impact businesses with operations in Russia.

Roscomnadzor has reported that many businesses do not have satisfactory compliance programs in place nor sufficient resources to ensure compliance with the law. Particular concerns regarded the violation of the data minimisation principle and the lack of response to subject access requests as well as a lack of knowledge by data subjects as to their rights.

As Roscomnadzor develops their data protection strategy it is likely that legislation will be introduced to increase enforcements and fines as well as education for data subjects of their rights and sweeps of websites and processing activities by particular sectors such as banking, insurance, media and tourism.