The State Duma passed a bill to increase fines for violations regarding personal data. Presumably, it will come into force in July of this year.
The bill establishes administrative liability for the following actions for the processing of personal data:
• processing of personal data in extra-statutory cases;
• without written consent from the person who is the subject of the personal data;
• with violation of the requirements for the composition of information included in consent on the processing of personal data;
• processing of personal data that is incompatible with the purposes for the gathering of the personal data;
Penalties for these offenses regarding the collection of personal data will be:
- for officials - from 5 000 to 20 000 rubles,
- for companies - from 15 000 to 75 000 rubles.
In addition, the bill also provides for the liability for personal data operators for failure to perform or the untimely performance of their duties.
So, responsibility is established for the following actions (lack of actions):
• Lack of unlimited access to the policy of processing and protecting personal data;
• failure to provide information concerning the processing to the person who is the subject of the personal data – the individual;
• failure to comply with the requirements of the subject of the personal data (or its representative) or the authorized body to block or destroy incomplete, inaccurate, obsolete, illegally received or unnecessary personal data;
• failure to ensure the protection of personal data contained on material carriers, if the consequence was unauthorized access to the subject’s personal data;
The penalty for these offenses is as follows:
- for officials - from 3 000 to 10 000 rubles,
- for companies - from 15 000 to 50 000 rubles.
It should be noted that, with due regard to changes in the Draft Law, several fines for each of the committed offenses may be imposed on an officer and / or an intruder company.