ALRUD Law Firm
  March 2, 2016 - Russia

Systematic monitoring of the Russian Data Protection Authority

Further to our previous alert relating to inspections of the Russian Data Protection Authority (‘DPA’) we would like to draw your attention that DPA is also entitled to undertake measures of so-called systematic monitoring in order to supervise compliance of data controllers with the Russian legislation on personal data.

These measures mainly cover checking websites and information placed in a public domain. In frames of such monitoring the Russian DPA will randomly look at websites of companies within particular industries for compliance with general requirements of the Russian laws on personal data protection such as published privacy policies, registration forms, reference to a Russian server (localization law requirement), etc.

According to the clarifications of DPA officials the most frequent violation revealed in the course of such systematic monitoring is absence of privacy/data processing policies available on the websites for users as well as non-compliance of such policies with the requirements of the Russian law.

Please see below a brief table outlining timing of systematic monitoring (with respect to different categories of companies) planned by the Department of the DPA in the Central Federal District1.

Sphere of monitoring

Industry

Scheduled period of audit

Start day

End day

Monitoring in the Internet

E-commerce

16.03.2016

18.03.2016

12.09.2016

14.09.2016

Debt collection agencies

16.05.2016

18.05.2016

14.11.2016

16.11.2016

Financial and credit companies

13.06.2016

15.06.2016

14.12.2016

16.12.2016

Insurance companies

08.08.2016

10.08.2016

Other companies

11.07.2016

13.07.2016

Monitoring of information placed in the public domain, outdoor advertising and on LED screens

Retail

18.05.2016

20.05.2016

Other

18.07.2016

20.07.2016

07.12.2016

09.12.2016


1Please note that we included here only that spheres of monitoring and categories of companies that might be of interest to our clients (e.g., we excluded state/municipal authorities, social organizations, educational organizations, state medical institutions, etc.).
***
We hope you will find this information helpful. Should you have any questions, please do not hesitate to contactIrina Anyukhina([email protected]), Partner of ALRUD Data Protection practice.
Please note that this Newsletter should not be considered as a ground for making any decision regarding a particular issue. All the information for this Newsletter was taken from the public sources.




Footnotes:




Read full article at: http://www.alrud.com/upload/iblock/14f/Newsletter_Systematic%20monitoring%20of%20the%20Russian%20Data%20Protection%20Authority.pdf