We understand that draft changes are being considered in Russia to the current data protection law focusing on enforcement and fines.

The Code of Administrative Offences expands the current fines to a range of categories from unlawful processing of personal data, to failure to provide transparent Privacy Notices, and failure to keep data secure.

The fines are extremely low (less than €1,000).

The proposals are however an indication that the Russian law is moving gradually towards an EU style approach to data protection enforcement and fines.