GDPR Regulations in Russia

GDPR Regulations in Russia

Updated on Saturday 15th December 2018

Rate this article

based on 2 reviews

GDPR-Regulations-in-Russia.jpgEven if the General Data Protection RegulationGDPR – only applies in EU countries, Russia is also affected by this new law. To be more specific, the GDPR will affect Russian companies that have European clients and Russian companies which operate in the EU through branch offices and subsidiaries.

Because of the new law which was enforced in May 2018, Russian companies must now act in accordance and make a series of changes which will ensure the enhanced protection of personal data collected from clients.

Our Russian lawyers can explain how the General Data Protection Regulation works for Russian companies with European clients.

GDPR protection measures to be taken by Russian companies

Russian companies are not required to change their data protection policies, but they are required to adjust it so that it complies with the GDPR if they operate on the EU market. By adjusting it, we mean:

  • -          informing clients about the fact that their personal information is collected and stored;
  • -          informing clients about the personal information which will be collected;
  • -          creating new data collection policies which comply with the provisions of the GDPR;
  • -          ensuring that they comply with both the GDPR, but also with the Russian Data Protection Laws.


Our lawyers in Russia can also explain the local legislation related to personal data protection.

FAQ on the appliance of the GDPR in Russia

The introduction of the GDPR has left many Russian business owners with many questions, among which:

1. What are the Russian companies to be affected the most by the GDPR?

Studies have shown that Russian e-commerce and IT companies are most affected by the new GDPR regulations, as they have the largest number of EU clients.

2. Must Russian companies appoint GDPR officers?

Companies do not need to appoint GDPR officers if they operate from Russia, however, branches and subsidiaries of Russian companies must appoint such officers.

3. What is the primary source of law in Russia: the local privacy laws or the GDPR?

The Russian privacy laws are quite strict about the protection of personal information and are quite similar to the GDPR, therefore no problems should arise. In case of uncertainties, a Russian court will decide which of the laws applies.

4. Do the GDPR rules apply equally to all Russian companies?

Yes, they do. However, the companies are allowed to put in place their own systems in accordance with the provisions of the GDPR. This is why it is recommended to first discuss with a lawyer about the best option.

For more information on the GDPR regulations or assistance in drafting new consent forms, please contact our law firm in Russia.