Data Protection and Cybersecurity

Data Protection and Cybersecurity

About
Experience

We are proud to be one of the first leading Russian law firms to establish a specialist practice dedicated to Data Protection and Cybersecurity led by lawyers with specific expertise in IT, media, telecoms and software development. This enables us to deliver sophisticated advice to market-leading Russian and multinational clients on the wide range of legal issues associated with collecting and processing personal data and mitigating the risk of cybersecurity breaches.

Our advice ranges from cross-border transfers of personal data, to GDPR compliance, big data analytics, artificial intelligence, internet of things, employee background checks, internal investigations and counter-terrorism information security requirements. We help our clients comply with the ever-evolving Russian rules and regulations including the so-called “Yarovaya laws” and laws relating to critical infrastructure, video on demand and data security. We also bring extensive knowledge in representing clients in court and administrative proceedings relating to blacklistings of websites, apps and IP domains. Our experience spans virtually every industry including banking and finance, healthcare and clinical trials, e-commerce, retail, social media, media and telecoms, internet of things and market research.

ALRUD’s full-service offering is a key factor in attracting blue-chip domestic and international clients. Our Data Protection and Cybersecurity team routinely works with ALRUD’s top-ranking teams in other practice areas including corporate and M&A, labour and employment, regulatory, dispute resolution, private client advisory, banking and finance. This approach enables us to advise on the full spectrum of a client’s complex requirements, giving us the scale of resources needed to service the most demanding situations. At the same time, our Data Protection and Cybersecurity team is regularly instructed by clients on a standalone basis.

Much of our work has an international element and we are proud to be the Russian law firm of choice for many of the world’s top tier law firms in Europe, Asia and the US. Our success in establishing collaborative relationships with our overseas law firm partners enables us to deliver the highest quality advice in representing our clients’ interests in multi-jurisdictional matters. Our clients greatly value our ability to assemble teams that are in tune with their specific needs, both commercially and culturally.

Our multi-lingual approach is a significant advantage, enabling us to provide legal services in English and Russian as well as in multiple other languages including German, French, Chinese, Japanese and Korean.

Our core philosophy, which sets us apart from our competitors, is that providing excellent advice in contentious situations is not only about the technical interpretation of the law; it is equally about the economic, political, business and social considerations. This philosophy guides our approach to recruiting and developing the best lawyers in the field. We are unique in the focus we place on educational and development programmes for our lawyers, supporting them through post-graduate programmes at top business schools and secondments to some of the world’s leading international law firms. This enables our team to bring a broader perspective to our advice.

Our Services

  • Advising on Russian rules and regulations on data protection and information security requirements applicable to processing activities, including data localization requirements and structuring data flows within group of companies as well as disclosures to third parties
  • Legal Due Diligence of personal data processing activities and information security
  • Representing clients in the course of audits conducted by Russian Data protection authority and security authorities
  • Support of the Data Protection Officer function
  • Filings to and liaising with the Data Protection Authority
  • Preparing policies and regulations on personal data processing, consents, privacy notices
  • Advice on legal requirements to cross-border transfers of personal data, drafting data processing and data transfer agreements, confidentiality and non-disclosure agreements
  • Assessment of software from perspectives of compliance with data protection and information security requirements
  • Advice on counterterrorism information security requirements
  • Support of global data privacy team of international companies in reconciling global corporate standards and peculiaties of local laws (e.g., where some data processing activities are subject to both European and Russian laws)
  • Advice and trainings on GDPR implementation and compliance programs and their harmonization with local requirements
  • Advice on implementation of monitoring of emails and use of internet by employees, requirements to background checks of individuals, internal investigations, bring-your-own device programs, whistleblowing, etc.
  • Advice on privacy issues arising in e-commerce, drafting legal documents to be published on websites (Terms and Conditions of Use, Privacy Notice, wording of consents)
  • Advice on building up system of information protection and application of legal, organizational and technical measures of information protection
  • Advice on the regulatory requirements applicable to the use of encryption, licensing and certification
  • Support in case of data breach
  • Supporting release of the websites blacklisted by the Data Protection Authority for violation of Russian data protection laws
  • Provision of difference training programs and case study sessions to increase awareness of client’s staff of data protection risks and safeguards

Discover our insights

Newsletters
05.12.2024
Fines for violations of personal data processing have been increased dramatically
24.07.2024
Data Protection: What Do Operators Need To Know in 2024?
02.07.2024
New legislative changes in the IT sector in June 2024
08.04.2024
Legislative initiatives in CII regulation and lifting of the antitrust moratorium
18.03.2024
TMT Legal Digest: "Key regulatory news in the TMT industry from June 2023 to February 2024"
28.12.2023
Stricter liability for personal data processing
17.07.2023
Imposing restrictions on the use of IT-products in the government and financial sectors
17.05.2023
New obligations of technological communication networks owners: data storage and interaction with law enforcement authorities
27.02.2023
Cross-border transfer of personal data in Russia: possible ban or restriction and relations between Russia and the Council of Europe regarding Convention 108
22.02.2023
Data Protection guidelines: to-do list if you are not ready to submit the notification on cross-border data transfer before 1 March 2023
23.12.2022
Regulation in the field of personal data: what to expect in 2023?
08.09.2022
Data Protection checklist: how to prepare for new requirements
01.04.2022
IP and Data Protection checklist for international businesses in Russia: issues that should be taken into account in times of sanctions
09.03.2021
New penalties for the breach of the Russian personal data and information laws
03.02.2021
Media and Data Protection Laws in 2021: What’s New?
11.11.2020
Data protection compliance in the CIS and neighboring countries: Top 10 Frequently Asked Questions
05.11.2020
Diversity & Inclusion: Practical Steps to Mitigate Privacy-related Risks
23.06.2020
Employees’ data protection issues during the removal of restrictions caused by coronavirus infection
23.06.2020
Employees’ data protection issues during the removal of restrictions caused by coronavirus infection
13.04.2020
COVID-19: Key data protection and cybersecurity issues triggered by the spread of coronavirus infection
18.02.2020
Recent enforcement of new sanctions for failure to localize personal data in Russia
11.12.2019
New sanctions for failure to localize personal data in Russia
26.11.2019
New sanctions for failure to localize personal data in Russia
20.05.2019
Main approaches of enforcement practice in the area of data protection and positions of Roskomnadzor: practical guidance
04.03.2019
New rules of audits/inspections of companies processing personal data by the Russian Data Protection Authority
07.02.2019
Guidelines on the territorial scope of the GDPR
21.12.2018
Data breach notification obligation has been introduced for players of the financial sector in Russia
29.10.2018
Forthcoming fundamental changes of the Russian data protection legislation
Brochures

Highlights of recent domestic and international work

The largest manufacturer of cosmetics and perfumes

on Russian data localization requirements and re-structuring of its information systems.

A world-known Telecom operator

on the data protection requirements applicable to its activities in Russia, including requirements for storing voice and text messages, secrecy of communications and lawful interception.

The world's largest independent provider of personalized telematics services

on cross-border transfers of personal data of customers.

One of the most-famous players in the market of cosmetic products

prepared for the inspection of the Russian Data Protection Authority, assisted the client with the elimination of violations revealed upon results of the inspection.

A leading global financial services firm

on cross-border transfers of personal data in relation to an investigation by a UK state authority.

One of the world’s largest car manufacturers

in its interaction with Roscomnadzor officials, during on-site inspection of compliance with data protection laws.

A global management consulting and professional services company that provides strategy, consulting, digital, technology and operations services

on complex issues of Russian regulations on cybersecurity and relevant liability and enforcement issues on cybercrime.

American worldwide banking services holding company

on legal implications of use by the employees of their personal mobile devices for job-related purposes (Bring Your Own Device Concept).

A major jewelry and accessories firm

on measures required to launch e-commerce functional website from perspective of Russian data protection laws.

Discover our insights

Newsletters
05.12.2024
Fines for violations of personal data processing have been increased dramatically
24.07.2024
Data Protection: What Do Operators Need To Know in 2024?
02.07.2024
New legislative changes in the IT sector in June 2024
08.04.2024
Legislative initiatives in CII regulation and lifting of the antitrust moratorium
18.03.2024
TMT Legal Digest: "Key regulatory news in the TMT industry from June 2023 to February 2024"
28.12.2023
Stricter liability for personal data processing
17.07.2023
Imposing restrictions on the use of IT-products in the government and financial sectors
17.05.2023
New obligations of technological communication networks owners: data storage and interaction with law enforcement authorities
27.02.2023
Cross-border transfer of personal data in Russia: possible ban or restriction and relations between Russia and the Council of Europe regarding Convention 108
22.02.2023
Data Protection guidelines: to-do list if you are not ready to submit the notification on cross-border data transfer before 1 March 2023
23.12.2022
Regulation in the field of personal data: what to expect in 2023?
08.09.2022
Data Protection checklist: how to prepare for new requirements
01.04.2022
IP and Data Protection checklist for international businesses in Russia: issues that should be taken into account in times of sanctions
09.03.2021
New penalties for the breach of the Russian personal data and information laws
03.02.2021
Media and Data Protection Laws in 2021: What’s New?
11.11.2020
Data protection compliance in the CIS and neighboring countries: Top 10 Frequently Asked Questions
05.11.2020
Diversity & Inclusion: Practical Steps to Mitigate Privacy-related Risks
23.06.2020
Employees’ data protection issues during the removal of restrictions caused by coronavirus infection
23.06.2020
Employees’ data protection issues during the removal of restrictions caused by coronavirus infection
13.04.2020
COVID-19: Key data protection and cybersecurity issues triggered by the spread of coronavirus infection
18.02.2020
Recent enforcement of new sanctions for failure to localize personal data in Russia
11.12.2019
New sanctions for failure to localize personal data in Russia
26.11.2019
New sanctions for failure to localize personal data in Russia
20.05.2019
Main approaches of enforcement practice in the area of data protection and positions of Roskomnadzor: practical guidance
04.03.2019
New rules of audits/inspections of companies processing personal data by the Russian Data Protection Authority
07.02.2019
Guidelines on the territorial scope of the GDPR
21.12.2018
Data breach notification obligation has been introduced for players of the financial sector in Russia
29.10.2018
Forthcoming fundamental changes of the Russian data protection legislation
Brochures
We use cookies to offer better performance of the website and fulfill some other purposes specified in the Privacy Policy. By way of ticking the box you provide your consent to use of cookies. Otherwise, we will only use technical cookies, which are necessary for proper functioning of the website.
Accept