Data Protection and Cybersecurity

We are proud to be one of the first leading Russian law firms to establish a specialist practice dedicated to Data Protection and Cybersecurity led by lawyers with specific expertise in IT, media, telecoms and software development. This enables us to deliver sophisticated advice to market-leading Russian and multinational clients on the wide range of legal issues associated with collecting and processing personal data and mitigating the risk of cybersecurity breaches.

Our advice ranges from cross-border transfers of personal data, to GDPR compliance, big data analytics, artificial intelligence, internet of things, employee background checks, internal investigations and counter-terrorism information security requirements. We help our clients comply with the ever-evolving Russian rules and regulations including the so-called “Yarovaya laws” and laws relating to critical infrastructure, video on demand and data security. We also bring extensive knowledge in representing clients in court and administrative proceedings relating to blacklistings of websites, apps and IP domains. Our experience spans virtually every industry including banking and finance, healthcare and clinical trials, e-commerce, retail, social media, media and telecoms, internet of things and market research.

ALRUD’s full-service offering is a key factor in attracting blue-chip domestic and international clients. Our Data Protection and Cybersecurity team routinely works with ALRUD’s top-ranking teams in other practice areas including corporate and M&A, labour and employment, regulatory, dispute resolution, private client advisory, banking and finance. This approach enables us to advise on the full spectrum of a client’s complex requirements, giving us the scale of resources needed to service the most demanding situations. At the same time, our Data Protection and Cybersecurity team is regularly instructed by clients on a standalone basis.

Much of our work has an international element and we are proud to be the Russian law firm of choice for many of the world’s top tier law firms in Europe, Asia and the US. Our success in establishing collaborative relationships with our overseas law firm partners enables us to deliver the highest quality advice in representing our clients’ interests in multi-jurisdictional matters. Our clients greatly value our ability to assemble teams that are in tune with their specific needs, both commercially and culturally.

Our multi-lingual approach is a significant advantage, enabling us to provide legal services in English and Russian as well as in multiple other languages including German, French, Chinese, Japanese and Korean.

Our core philosophy, which sets us apart from our competitors, is that providing excellent advice in contentious situations is not only about the technical interpretation of the law; it is equally about the economic, political, business and social considerations. This philosophy guides our approach to recruiting and developing the best lawyers in the field. We are unique in the focus we place on educational and development programmes for our lawyers, supporting them through post-graduate programmes at top business schools and secondments to some of the world’s leading international law firms. This enables our team to bring a broader perspective to our advice.

Our Services

• Advising on Russian rules and regulations on data protection and information security requirements applicable to processing activities, including data localization requirements and structuring data flows within group of companies as well as disclosures to third parties
• Legal Due Diligence of personal data processing activities and information security
• Representing clients in the course of audits conducted by Russian Data protection authority and security authorities
• Support of the Data Protection Officer function
• Filings to and liaising with the Data Protection Authority
• Preparing policies and regulations on personal data processing, consents, privacy notices
• Advice on legal requirements to cross-border transfers of personal data, drafting data processing and data transfer agreements, confidentiality and non-disclosure agreements
• Assessment of software from perspectives of compliance with data protection and information security requirements
• Advice on counterterrorism information security requirements
• Support of global data privacy team of international companies in reconciling global corporate standards and peculiaties of local laws (e.g., where some data processing activities are subject to both European and Russian laws)
• Advice and trainings on GDPR implementation and compliance programs and their harmonization with local requirements
• Advice on implementation of monitoring of emails and use of internet by employees, requirements to background checks of individuals, internal investigations, bring-your-own device programs, whistleblowing, etc.
• Advice on privacy issues arising in e-commerce, drafting legal documents to be published on websites (Terms and Conditions of Use, Privacy Notice, wording of consents)
• Advice on building up system of information protection and application of legal, organizational and technical measures of information protection
• Advice on the regulatory requirements applicable to the use of encryption, licensing and certification
• Support in case of data breach
• Supporting release of the websites blacklisted by the Data Protection Authority for violation of Russian data protection laws
• Provision of difference training programs and case study sessions to increase awareness of client’s staff of data protection risks and safeguards