Type of offence
|
Potential liability (current version)
|
Potential liability (new version) |
Processing personal data without a proper legal basis (except for consent), or inconsistently with purposes of data collection |
(i) Warning;
(ii) Fine:
- individuals: RUB 1,000 (approx. EUR 11) to RUB 3,000 (approx. EUR 33);
- officers: RUB 5,000 (approx. EUR 56) to RUB 10,000 (approx. EUR 112);
- legal entities: RUB 30,000 (approx. EUR 335) to RUB 50,000 (approx. EUR 559).
|
First breach:
(i) Warning (removed);
(ii) Fine:
- individuals: RUB 2,000 (approx. EUR 22) to RUB 6,000 (approx. EUR 67);
- officers: RUB 10,000 (approx. EUR 112) to RUB 20,000 (approx. EUR 224);
- legal entities: RUB 60,000 (approx. EUR 670) to RUB 100,000 (approx. EUR 1,117).
Repeated breach:
Fine:
- individuals: RUB 4,000 (approx. EUR 44) to RUB 12,000 (approx. EUR 134);
- officers: RUB 20,000 (approx. EUR 224) to RUB 50,000 (approx. EUR 559);
- individual entrepreneurs: RUB 50,000 (approx. EUR 559) to RUB 100,000 (approx. EUR 1,117);
- legal entities: RUB 100,000 (approx. EUR 1,117) to RUB 300,000 (approx. EUR 3,352).
|
Processing personal data without written consent (if required), or a failure to meet the content-related requirements for written consents |
Fine:
- individuals: RUB 3,000 (approx. EUR 33) to RUB 5,000 (approx. EUR 56);
- officers: RUB 10,000 (approx. EUR 112) to RUB 20,000 (approx. EUR 224);
- legal entities: RUB 15,000 (approx. EUR 168) to RUB 75,000 (approx. EUR 838).
|
First breach:
Fine:
- individuals: RUB 6,000 (approx. EUR 67) to RUB 10,000 (approx. EUR 112);
- officers: RUB 20,000 (approx. EUR 224) to RUB 40,000 (approx. EUR 447);
- legal entities: RUB 30,000 (approx. EUR 335) to RUB 150,000 (approx. EUR 1,676).
Repeated breach:
Fine:
- individuals: RUB 10,000 (approx. EUR 112) to RUB 20,000 (approx. EUR 224);
- officers: RUB 40,000 (approx. EUR 447) to RUB 100,000 (approx. EUR 1,117);
- individual entrepreneurs: RUB 100,000 (approx. EUR 1,117) to RUB 300,000 (approx. EUR 3,352);
- legal entities: RUB 300,000 (approx. EUR 3,352) to RUB 500,000 (approx. EUR 5,587).
|
Failure to publish (or otherwise provide access to) privacy policy or information on data security measures |
(i) Warning;
(ii) Fine:
- individuals: RUB 700 (approx. EUR 8) to RUB 1,000 (approx. EUR 11);
- officers: RUB 3,000 (approx. EUR 33.5) to RUB 6,000 (approx. EUR 67);
- individual entrepreneurs: RUB 5,000 (approx. EUR 56) to RUB 10,000 (approx. EUR 112);
- legal entities: RUB 15,000 (approx. EUR 168) to RUB 30,000 (approx. EUR 335).
|
(i) Warning;
(ii) Fine:
- individuals: RUB 1,500 (approx. EUR 17) to RUB 3,000 (approx. EUR 33.5);
- officers: RUB 6,000 (approx. EUR 67) to RUB 12,000 (approx. EUR 134);
- individual entrepreneurs: RUB 10,000 (approx. EUR 112) to RUB 20,000 (approx. EUR 224);
- legal entities: RUB 30,000 (approx. EUR 335) to RUB 60,000 (approx. EUR 670).
|
Failure to provide a data subject with information on processing of his/her personal data |
(i) Warning;
(ii) Fine:
- individuals: RUB 1,000 (approx. EUR 11) to RUB 2,000 (approx. EUR 22);
- officers: RUB 4,000 (approx. EUR 45) to RUB 6,000 (approx. EUR 67);
- individual entrepreneurs: RUB 10,000 (approx. EUR 112) to RUB 15,000 (approx. EUR 168);
- legal entities: RUB 20,000 (approx. EUR 224) to RUB 40,000 (approx. EUR 447).
|
(i) Warning;
(ii) Fine:
- individuals: RUB 2,000 (approx. EUR 22) to RUB 4,000 (approx. EUR 45);
- officers: RUB 8,000 (approx. EUR 89) to RUB 12,000 (approx. EUR 134);
- individual entrepreneurs: RUB 20,000 (approx. EUR 224) to RUB 30,000 (approx. EUR 335);
- legal entities: RUB 40,000 (approx. EUR 447) to RUB 80,000 (approx. EUR 894).
|
Failure to meet the data subject’s request to amend, block or destroy his/her personal data, if such data is incomplete, obsolete, incorrect, illegally received or is not necessary for a stated processing purpose |
(i) Warning;
(ii) Fine:
- individuals: RUB 1,000 (approx. EUR 11) to RUB 2,000 (approx. EUR 22);
- officers: RUB 4,000 (approx. EUR 45) to RUB 10,000 (approx. EUR 112);
- individual entrepreneurs: RUB 10,000 (approx. EUR 112) to RUB 20,000 (approx. EUR 224);
- legal entities: RUB 25,000 (approx. EUR 279) to RUB 45,000 (approx. EUR 506).
|
First breach:
(i) Warning;
(ii) Fine:
- individuals: RUB 2,000 (approx. EUR 22) to RUB 4,000 (approx. EUR 45);
- officers: RUB 8,000 (approx. EUR 89) to RUB 20,000 (approx. EUR 224);
- individual entrepreneurs: RUB 20,000 (approx. EUR 224) to RUB 40,000 (approx. EUR 447);
- legal entities: RUB 50,000 (approx. EUR 559) to RUB 90,000 (approx. EUR 1,006).
Repeated breach:
Fine:
- individuals: RUB 20,000 (approx. EUR 224) to RUB 30,000 (approx. EUR 335);
officers: RUB 30,000 (approx. EUR 335) to RUB 50,000 (approx. EUR 559);
- individual entrepreneurs: RUB 50,000 (approx. EUR 559) to 100,000 (approx. EUR 1,117);
- legal entities: RUB 300,000 (approx. EUR 3,352) to RUB 500,000 (approx. EUR 5,587).
|
Failure to ensure security of material media bearing personal data and processed without automatic means where such failure results in unauthorised access to personal data, and/or their deletion, alteration, blocking, copying, distribution or other illegal actions |
Fine:
- individuals: RUB 700 (approx. EUR 8) to RUB 2,000 (approx. EUR 22);
- officers: RUB 4,000 (approx. EUR 45) to RUB 10,000 (approx. EUR 112);
- individual entrepreneurs: RUB 10,000 (approx. EUR 112) to RUB 20,000 (approx. EUR 224);
- legal entities: RUB 25,000 (approx. EUR 279) to RUB 50,000 (approx. EUR 559).
|
Fine:
- individuals: RUB 1,500 (approx. EUR 17) to RUB 4,000 (approx. EUR 45);
- officers: RUB 8,000 (approx. EUR 89) to RUB 20,000 (approx. EUR 224);
- individual entrepreneurs: RUB 20,000 (approx. EUR 224) to RUB 40,000 (approx. EUR 447);
- legal entities: RUB 50,000 (approx. EUR 559) to RUB 100,000 (approx. EUR 1,117).
|