Federal Law of 27 July 2006 No. 152-FZ on Personal Data is the principal law governing data protection in Russia - it is based on the international instruments on privacy and data protection in certain aspects, and it contains ideas similar to those of the GDPR.
The Law on Personal Data was amended in December 2020, which came into effect on 1 March 2021 and significantly changed the legal landscape with regard to the use of publicly available personal data, while also clarifying the conditions of consent to the further processing of such data. Foreign companies operating in Russia are confronted with a variety of data privacy acts and laws that govern processing of the personal citizens’ data. Failure to comply with these acts may result in fines as well as other administrative cutoffs. This especially impacts banks and financial sector, medical foundations, travel industry, and all kinds of e-commerce businesses.
The main regulatory authority for data protection in Russia is the Federal Service for Communications, Information technology and Mass Communications Supervision - The Roskomnadzor, who are responsible for: