ALRUD Law Firm
March 2, 2016 - Russia
Systematic monitoring of the Russian Data Protection Authority
Further to our previous alert relating to inspections of the Russian Data Protection Authority (‘DPA’) we would like to draw your attention that DPA is also entitled to undertake measures of so-called systematic monitoring in order to supervise compliance of data controllers with the Russian legislation on personal data.
These measures mainly cover checking websites and information placed in a public domain. In frames of such monitoring the Russian DPA will randomly look at websites of companies within particular industries for compliance with general requirements of the Russian laws on personal data protection such as published privacy policies, registration forms, reference to a Russian server (localization law requirement), etc.
According to the clarifications of DPA officials the most frequent violation revealed in the course of such systematic monitoring is absence of privacy/data processing policies available on the websites for users as well as non-compliance of such policies with the requirements of the Russian law.
Please see below a brief table outlining timing of systematic monitoring (with respect to different categories of companies) planned by the Department of the DPA in the Central Federal District1.
|
Sphere
of monitoring
|
Industry
|
Scheduled
period of audit
|
|
Start
day
|
End
day
|
|
Monitoring
in the Internet
|
E-commerce
|
16.03.2016
|
18.03.2016
|
|
12.09.2016
|
14.09.2016
|
|
Debt
collection agencies
|
16.05.2016
|
18.05.2016
|
|
14.11.2016
|
16.11.2016
|
|
Financial
and credit companies
|
13.06.2016
|
15.06.2016
|
|
14.12.2016
|
16.12.2016
|
|
Insurance
companies
|
08.08.2016
|
10.08.2016
|
|
Other
companies
|
11.07.2016
|
13.07.2016
|
|
Monitoring
of information placed in the public domain, outdoor advertising and on LED
screens
|
Retail
|
18.05.2016
|
20.05.2016
|
|
Other
|
18.07.2016
|
20.07.2016
|
|
07.12.2016
|
09.12.2016
|
1Please note that we included here only that spheres of monitoring and categories of companies that might be of interest to our clients (e.g., we excluded state/municipal authorities, social organizations, educational organizations, state medical institutions, etc.).
***
We hope you will find this information helpful. Should you have any questions, please do not hesitate to contactIrina Anyukhina(
[email protected]), Partner of ALRUD Data Protection practice.
Please note that this Newsletter should not be considered as a ground for making any decision regarding a particular issue. All the information for this Newsletter was taken from the public sources.
Footnotes:
Read full article at: http://www.alrud.com/upload/iblock/14f/Newsletter_Systematic%20monitoring%20of%20the%20Russian%20Data%20Protection%20Authority.pdf