Irina Anyukhina

Irina Anyukhina

Partner
Irina Anyukhina

Chambers Europe

Irina Anyukhina is high knowledgeable and dedicated. She has a strategic and business-oriented approach. Clients appreciate Irina for her thoughtfulness and ability to clearly enunciate the core of the matter.

Biography
Recent work
Publications and Insights
Rankings and awards

Irina Anyukhina is an ALRUD Law Firm partner heading Labour and Employment practice.

Irina is a recommended expert on Labour law, advising international and Russian companies on international and cross-border workplace issues, reductions and restructurings, senior executives and expatriate issues.

Irina operates at the interface of employment and corporate laws in cases involving mergers and acquisitions, implementation of incentive programmes, executive compensation and benefits, global and local employment policies, outsourcing, and employee privacy issues. Irina is often involved in cross-border and internal investigations of employees’ misconduct. Irina represents clients in out-of-court settlements and disputes with employees.

Irina Anyukhina joined ALRUD in 2002 and became partner in 2007. Clients praise Irina for her business-oriented approach, outstanding communication skills, thoughtfulness and ability to clearly enunciate the core of the matter.

Irina graduated from the Moscow State University of International Affairs with Ministry of International Affairs of Russia, Public international law division of International law department.

Irina is a member of International Bar Association and American Bar Association.

Includes advising and representing:

Uber

in its major business merger deal with Yandex on a great number of employment and HR-related questions.

Akzo Nobel

with separation of its Specialty Chemicals business unit, development and implementation of employee restructuring plan.

Philip Plein

on the development of HR policies, including bonus policy for sales employees.

An internationally leading medical device company

with staff restructuring to ensure balanced shareholder control over business operations.

Olam

on the legal and tax implications of implementing the international employee share plan.

The major analytics company

with a complex internal investigation of alleged misconducts of two employees of the Russian subsidiary.

One of the leading Japanese manufacturer of commercial vehicles and diesel engines

with reviewing the evidences concerning incompliances of one of the top manager, and developed the strategy for protection of the Client’s and its CEO’s business reputation.

The group of music companies

in 4 litigations with the conflict employee who had access to the financial resources of the Client.

Concise and to the point with ALRUD: HR & DIGITAL (№10)
Roskomnadzor (Russian Data Protection Authority) plans to make it easier for personal data subjects to revoke consent to the processing of personal data Roskomnadzor proposes making it possible to ****revoke consent**** to the processing of personal data “in one click”. Technically, the mechanism can be implemented as part of the ****consent management system that the Ministry of Digital Development, Communications and Mass Media**** created on the basis of the ****Gosuslugi**** service, but it will require revisions to standards. The relevant draft law may be considered as early as September. Business fears that implementing the plan will lead to ****increased costs for the restructuring of information systems****. Criminal liability for violating the secrecy of correspondence and destroying corporate information The Oktyabrsky District Court of Ufa handed down a ****verdict**** in a criminal case against a ****former employee of the company****. He was found guilty of committing crimes under Part 1 of Article 138 of the Russian Criminal Code (****violation of the secrecy of correspondence****) and Part 2 of Article 272 of the Russian Criminal Code (****unlawful access to legally protected computer information committed out of self-interest****). The court found that in November 2023, a man who previously worked as a ****system administrator**** remotely ****copied the email correspondence****, ****contacts****, and ****personal data**** of the general director and ****corporate information**** containing ****trade secrets**** and ****destroyed**** them. The defendant pleaded guilty to the crimes. The court sentenced him to a ****fine of 120,000 RUB**** (approximately 1,364 USD or 1,268 EUR). The verdict does not contain information about the company filing a ****civil claim**** in criminal proceedings to ****compensate for damages**** caused as a result of the destruction of corporate information. Question Can the data controller be subjected to ****administrative liability**** during the ****moratorium on inspections****? Position of the 8th Court of the General Jurisdiction (Case No. 2a-2919/2022) If a violation is ****revealed**** during the consideration of materials received, including from a citizen, Roskomnadzor may ****conduct an inspection**** and ****initiate an administrative offence case**** or ****refuse**** to initiate it.
05 July 2024
Concise and to the point with ALRUD: HR & DIGITAL (№9)
Ban on foreign information security services from “unfriendly” jurisdictions Decree No. 250 of the Russian President dated 1 May 2022 “On Additional Measures to Ensure the Information Security of the Russian Federation” previously imposed restrictions on the ****use of foreign information security means****. In particular, government authorities, state corporations, systemically important organizations, and subjects of critical information infrastructure (“CII subjects”) are prohibited from using ****information security means**** as of 1 January 2025: ****Originating**** from “unfriendly” states; Or from ****manufacturers**** that are organizations under the jurisdiction of “unfriendly” states, directly or indirectly controlled by them or ****affiliated**** with them. Decree No. 500 of the Russian President dated 13 June 2024 extended the scope of the ban: as of 1 January 2025, government authorities, state corporations, systemically important organizations and CII subjects are also prohibited from ****using cybersecurity services**** (work or services) from companies from “unfriendly” states. If your company belongs to government authorities, state corporations, systemically important organizations or CII subjects, we recommend that together with IT you conduct an ****audit of software**** and ****IT services used for HR****, ****accounting**** and ****personnel management**** purposes in order to ensure timely compliance with the requirements of the above-mentioned presidential decrees. A 14th package of sanctions, including IT restrictions, has been imposed against Russia The USA has significantly expanded sanctions against Russia, with new restrictions affecting financial infrastructure, ****cloud**** services and information technology. The USA will ban a number of software and IT services as of ****12 September 2024****. The US Department of the Treasury, together with the State Department, issued a special decree with the following restrictions: It is prohibited to provide any person in Russia with ****design services**** and ****IT consulting services****; It is prohibited to supply ****cloud technology**** and ****IT support services**** for business management, as well as design and manufacturing software. Russian companies using such software for ****HR purposes**** may consider the following courses of action: Change the ****vendor****, which will allow them to continue using the software in Russia; ****Localize**** relevant HR processes. Exemption from liability for personal data leaks due to the insignificance of the offence During the ‘I Give My Heart to Children’ Russian Professional Skills Competition for Continuing Education Employees, there was a technical failure that led to the brief publication (****three minutes****) of information about a personal data subject on the competition website. The subject’s ****passport details****, ****registration address****, ****telephone number**** and ****email address**** were published, all of which constitutes personal data. In court, the data controller pointed out that the incident was caused by a technical malfunction in the service, third parties did not gain access to the personal data since the violation was ****eliminated**** as soon as possible, and ****no damage**** was caused to the subject of the personal data. The Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, (Roskomnadzor) reported that it ****did not receive any complaints**** about the data controller as a result of the incident. In accordance with the law, the data controller sent a ****notification about the leak**** of personal data. A justice of the peace of the Danilovsky District of Moscow (Case No. 05-1415/456/2023) ruled that the data controller had failed to ensure the ****confidentiality of personal data**** and had not prevented ****unauthorized access**** to it by third parties, and qualified the offence under Part 1 of Article 13.11 of the Code of Administrative Offences of the Russian Federation. However, since the court had no evidence that information about the personal data subject had been ****copied****, ****obtained**** or ****used**** by ****third parties**** to violate its legally protected rights, including through the competition website, the court relieved the data controller of administrative liability due to the ****insignificance of the offence**** and limited itself to a ****verbal reprimand****.
25 June 2024
ALRUD Labour and Employment Practice provides comprehensive out-of-court legal support to one of the largest Russian energy companies
Within a complicated labor dispute involving a middle-level employee, the ALRUD team offered the client comprehensive out-of-court legal defense. The project involved the development and adjustment of the legal position for a client who was representing themselves in court. We made it a priority to address any inconsistencies and violations attributed to the employee, while also preparing a strong defense against claims for a substantial bonus payment. During a series of strategy meetings with the client, we provided insightful commentaries and valuable recommendations on how to proceed in court. Through this collaboration, the company was able to enhance its defense strategy, identify strong justifications for disciplinary sanctions, and ultimately protect its position with success. The project presented a challenge in dealing with numerous infringements and violations, some of which exceeded the usual procedural terms. The non-financial audit performance was carefully analyzed to determine the validity of any violations, with a strong focus on the legal aspects. The project was crucial for the client as it helped them avoid paying a substantial bonus and default interest, which could have greatly increased their financial expenses. In addition, the company's strong confirmation of the legality of the disciplinary sanctions has further solidified its position in terms of corporate governance. ALRUD team working on the project included Partner Irina Anyukhina and Senior Associate Margarita Egiazarova.
24 June 2024
Concise and to the point with ALRUD: HR & DIGITAL (№8)
The State Duma will consider a draft law on the possibility for the plaintiff to receive personal data (“PD”) of the defendant Amendments are planned to be made to the ****Civil Procedure Code**** of the Russian Federation. It is proposed to grant the plaintiff the right to file a ****motion**** to the court for assistance in ****establishing information about the defendant****, which is necessary to file a claim in court, but the plaintiff does not have. In addition, if the law is adopted, the court will be able to independently determine the ****ist of data**** about the defendant necessary to accept the claim. More than half of the surveyed small and medium-sized businesses are not ready for tougher sanctions for PD leaks Less than half of Russian companies (44%) from the ****SMB segment**** have managed to ****review their PD protection measures**** against the background of possible tightening of sanctions for their leaks. 50% of companies have not even studied the amendments in detail, and some do not plan to strengthen protection at all yet. Some of the respondents (45%) expect to strengthen protective processes ****“within a year”****, another 8% - ****“in the next six months”****. There are also those (4%) who do not plan to review the protection at all yet. At least 32% of SMB respondents are concerned about ****reputational risks**** from sanctions. 68% of respondents are concerned about ****financial losses****, including from the imposition of fines. It is noteworthy that only 43% of respondents have conducted an audit of PD processing processes over the past 3 years, 11% conducted an audit more than 3 years ago. Almost a quarter (21%) have never conducted an audit at all. 25% of the respondents could not give an answer to this question. We remind you that the draft laws on ****administrative and criminal liability for PD leaks**** are planned to be finally considered this ****spring session of the State Duma****. Regardless of the adoption of these bills in this session, we recommend that data controllers be prepared to tighten liability for PD leaks. To this end, companies should conduct an ****audit of PD processing processes and an IT security audit****. A draft law on the right of the Federal Tax Service to transfer information that constitutes a tax secret to interdepartmental commissions has been adopted in the first reading According to the new law on employment, ****interdepartmental commissions**** on combating ****illegal employment**** will be created in the regions of the Russian Federation. They have the right to receive from various authorities, including the ****tax service****, PD and information constituting a ****tax secret****. They want to extend the effect of the tax secrecy regime to cases where the tax authorities transfer relevant information and information to interdepartmental commissions of the subjects of the Russian Federation and territorial bodies of the ****Federal Service for Labour and Employment (Rostrud)****. Following the results of the prosecutor's office's inspection, the DPO of the company was brought to administrative liability The ****Prosecutor's office**** of the Kirovsky district of Saratov conducted an inspection of compliance with legislation in the field of PD protection in a medical company. During the supervisory activities, together with a specialist of the ****Roskomnadzor Department**** for the Saratov region, a fact of ****illegal dissemination of a database containing PD of clients****, in particular ****phone numbers**** and ****full names****, was revealed. According to this fact, the district prosecutor's office initiated an administrative offense case under Part 1 of Article 13.11 of the Administrative Code of the Russian Federation ****against a responsible official of a medical company****. According to the results of the consideration of the case, the DPO was sentenced to an ****administrative fine in the amount of RUB 10,000 (approx. USD 112, EUR 103)****. Question Can an employer track the ****location**** of employees through their personal smartphones?Can an employer track the location of employees through their ****personal smartphones****? Answer from Rostrud The employer has the right to monitor the employee through an ****application in a mobile phone****, if this is related to the ****performance of job duties****. We additionally note the need to obtain the ****consent of employees to track and process PD****.
06 June 2024
Irina Anyukhina prepared a review for the IBA GEI Annual Global Report
The International Bar Association Global Employment Institute (IBA GEI) published its 12th annual global report on general international trends in human resources law with examples from 54 countries. Irina Anyukhina, Partner of ALRUD Labour Practice, covered a block of issues related to current regulatory trends and developments in Russian labour and migration law, including artificial intelligence, flexible working, alternative workforce, unions, labour disputes. The global report can be found here.
27 May 2024
ALRUD Labour Practice holds an HR club dedicated to financial liability of employees
On 22 May 2024 ALRUD hosted face-to-face meeting of HR-Club on the topic: “Financial liability in labour relations: a dialogue on the eternal”. The following experts from ALRUD Labour Practice participated in the discussion: Irina Anyukhina, Partner, Maria Nevezhina, Senior Associate, PhD in Law, Ekaterina Bronitsyna, Associate. The participants discussed how to bring an employee to financial liability effectively and safe for the company; how to recover damages; how to document the procedure so that even the most demanding court would take the employer’s side; how to bring top-management to liability without reputational losses. ALRUD HR-Clubs are held in the format of live discussion, exchange of views, and dialogue between business and lawyers. Dialogue between legal counsels and practitioners makes the event the most useful for all the club members. If you or your colleagues would be interested to participate, we invite you to join the discussion. Please address all the issues concerning participation to Senior Marketing Manager Anna Glukhova: aglukhova@alrud.com
27 May 2024
Concise and to the point with ALRUD: HR & DIGITAL (№7)
The Federation Council clarified how the Russian Digital Code will look like Work on the ****Digital Code****, which will become the basis for legal regulation of relations in the field of ****information**** and ****digital technologies****, will take at least another ****year****, and a significant part of the future document is planned to be devoted to the protection of ****personal**** and ****biometric data****. The structure of the Code reflects two parts – ****general**** and ****special****: the general part will list the basic concepts, terms, principles, subjects and objects of law, that is, all that is called the ****conceptual apparatus****; in a special part – specific types of state and social institutions, types of legal relations and ways of their regulation. Separately, the Federation Council noted that the special part involves three large sections: issues of ****communication****, ****information**** and ****personal data protection****. We recommend that employers monitor the development and adoption of the code, as it can have a direct impact on digitized HR processes in companies. Participants of JSC and LLC at online meetings will be identified by electronic signatures or biometric personal data Draft amendments to the ****laws on JSC and LLC**** have been prepared for the second reading in the ****government bill**** (No. 103501-8). Initially this document was devoted to another issue: it provided for the possibility of the JSC to suspend the sending of ****correspondence**** and payment of ****dividends**** to ****shareholders**** who have not ****contacted the company for more than two years**** (the so-called ****lost shareholders****). It is proposed to use a choice of five options when identifying a participant in online meeting: enhanced qualified electronic signature, enhanced unqualified electronic signature, personal data from the ****Unified Identification and Authentication System**** (ESIA), as well as information from the ****Unified Biometric System**** (EBS). At the same time, ****non-public JSC**** will be able to deviate from the rules set out: specify in the charters other ways to ****reliably identify persons**** taking online participation in the meeting and ways to sign ballots. The bill also regulates the general rules for online meetings. For example, such a format should provide for ****broadcasting****, and the company is obliged to ****keep a record**** of it. If there are significant ****technical problems**** that make it impossible to hold a meeting, the vote is declared ****invalid****. Question Should the Data Protection Officer (DPO) be directly subordinate to the General director?Should the Data Protection Officer (DPO) be directly subordinate to the General director? Answer from Roskomnadzor The DPO receives instructions directly from the ****executive body**** of the organization that is the data controller and is accountable to it.The DPO receives instructions directly from the executive body of the organization that is the data controller and is ****accountable to it****.
23 May 2024
Key changes in labour legislation. A quarterly review
Dear Ladies and Gentlemen, We present to your attention our new format - a quarterly review of the key changes in labour legislation and related areas. The document includes a description of the latest legislative changes, which either have already entered into force in the current 2024 or will be put into effect in the near future. This review will be useful for HR directors, company executives, compliance officers, heads of legal departments and other interested parties.
22 May 2024
Concise and to the point with ALRUD: HR & DIGITAL (№6)
The Russian government has approved draft amendments to the Russian Criminal Code that increase the severity of punishment for leaks of personal data (“PD”) The amendments have changed slightly compared with the version adopted in the first reading. The Ministry of Internal Affairs (MVD) proposed mitigating liability for leaks and editing the wording so that penalties are imposed only in the event of the leakage of (1) data of 50 or more PD subjects, or (2) information about people’s private life, personal or family secrets, special categories of PD, or biometric PD. The Ministry of Justice opposed such amendments, arguing that restricting the number to 50 PD subjects would result in attackers intentionally splitting up databases with leaked PD, while those who leak the PD of fewer people would be able to avoid criminal punishment. Under the draft law, if a violation results in severe consequences, the guilty parties may be punished with a fine of up to 3 million RUB (approximately 32,730 USD or 30,476 EUR) and maximum prison sentence of up to 10 years, as well as forced labour and deprivation of the right to hold certain positions or engage in certain activities. We are closely monitoring the consideration of this draft law and will keep you posted about the latest news. Russia may soon have a mechanism to compensate for damages caused by the leakage of PD The Federation Council has drafted a bill on mandatory insurance for PD leaks. The law would clearly specify not only the insurance amount, limits and list of risks, but also a list of exceptions that should not be set by the actual insurance companies. We understand that the legislators’ main goal is to encourage companies to pay closer attention to their IT infrastructure, in part to ensure the best possible protection of stored PD or to refuse to process it if it is not required for business. Growing number of PD-related legal disputes The number of disputes over the illegal use of PD is on the rise in Russia: since the start of 2024, their number has already increased by 17% compared with the beginning of 2023. There were a total of 17,400 cases across the country in 2023, an increase of 23% from 2022. Last year, the greatest dynamics in this regard were seen in administrative and criminal cases. The disputes under the Russian Criminal Code concern the illegal receipt of PD about a particular person, which is due to increased attention to the problem of growing terrorist threats. Businesses, in turn, face claims from employees about the reliable storage of their information and the legality of processing their PD. On the one hand, this poses reputational risks, while, on the other hand, it attracts the attention of the Russian PD authority (Roskomnadzor). We recommend that data controllers regularly conduct an audit of the processes of PD processing to bring them into compliance with the requirements of law and minimize financial, operational and reputational risks.
17 May 2024
Webinar "Artificial intelligence technologies in HR processes: lawyers' opinion" was held
Webinar "Artificial intelligence technologies in HR processes: lawyers' opinion" was held on the 2nd of May. It was devoted to the latest trends, practical considerations, and complicated situations arising due to use of artificial intelligence (AI) in Russia. Irina Anyukhina, Partner of ALRUD Labour and Employment Practice, Anastasia Petrova, ALRUD Of Counsel, and Margarita Egiazarova, ALRUD Senior Associate, shared their views on topical issues and provided valuable insights on the use of AI in Russia. In the course of the webinar, the experts addressed legal aspects of use of AI in HR, offered suggestions on implementation of AI in HR, shared solutions to the problems connected with data privacy violation, and measures to mitigate the risks, and also gave the examples of implementation of AI in HR. This topic was of great interest to the audience, webinar attendees actively asked questions and got involved into discussion.
10 May 2024
Pravo-300, 2023 recommends Irina Anyukhina for Labor and migration law, Compliance.
Best Lawyers 2022 recommends Irina Anyukhina for Labor and Employment Law, Privacy and Data Security Law, Construction Law, TMT (telecommunications, media and technology), Intellectual Property Law.
Chambers Europe, 2021 recommends Irina Anyukhina for Labor and Employment Law.
The Legal 500 Europe, Middle East & Africa 2021 recommends Irina Anyukhina for Labor and Employment Law.
Who’s Who Legal,Thought LeadersThought Leaders - Labour & Employment 2021 and Global Leader Labour & Employment 2021 and Pensions & Benefits 2021 recommends Irina Anyukhina as a leading practicing lawyer.
We use cookies to offer better performance of the website and fulfill some other purposes specified in the Privacy Policy. By way of ticking the box you provide your consent to use of cookies. Otherwise, we will only use technical cookies, which are necessary for proper functioning of the website.
Accept