Liability for several violations in the field of personal data protection has been tightened

Federal Law No. 589-FZ of December 12, 2023, introduced amendments to the Russian Code of Administrative Offenses to strengthen liability for violating established requirements in personal data protection.
For the processing of personal data without the written consent of the subject of personal data in cases where such consent must be obtained, as well as for the processing of personal data in violation of established requirements, an administrative fine may be imposed:
  • for individuals — in the amount of 10,000 to 15,000 rubles (previously from 6,000 to 10,000 rubles);
  • for company official representative- from 100,000 to 300,000 rubles (previously from 20,000 to 40,000 rubles);
  • for legal entities — from 300,000 to 700,000 rubles (previously from 30,000 to 150,000 rubles).

An increased fine is provided for repeated commission of the specified administrative offense.

Fines for posting and updating biometric personal data of a subject in violation of established requirements have also increased. Now, the penalty will be:
  • for company representative — in the amount of 100,000 to 300,000 rubles;
  • for company — from 500,000 to 1,000,000 rubles.