Personal data leakage is an administrative offence, so the amount of the fine directly depends on the severity of the offence: the larger the violation, the higher the fine.
There is also a dependence on who is accused: for individuals the fines are the lowest, for officials they are higher, for legal entities – the highest. For example, for processing personal data without written consent, an individual will pay up to 15 thousand rubles, an official – up to 300, and a legal entity – up to 700.
How to protect yourself from such threats
Leaks happen even at the largest companies (Yandex, Sberbank, MTS Bank) and even in the public sector. So it is almost impossible to completely protect yourself from such troubles.
But everything must be done to prevent this.
Fines and sanctions may be scary, but even here, everything is not so hopeless: if you comply with the requirements of the law, then it is quite possible to prove your innocence and avoid punishment. For example, in 2022, Yandex was recognized as a victim in the case of the leak of personal data of Yandex Food couriers. Therefore, the very fact of initiating a case does not yet indicate guilt.
So, to protect the company and minimize the risk of receiving a fine, it is worth taking the following measures.
IT infrastructure audit
It is important to ensure that the organization of work with personal data within your company complies with the requirements of the law, and that the IT infrastructure in particular is capable of ensuring the safety of information.
Namely, that:
- your servers are located in Russia in a secure location where outsiders are not allowed;
- you have internal authentication: only employees with certain rights have access to data;
- antivirus programs, firewalls, DDoS protection services, VPN and other similar software are used;
- your software is certified by the Federal Service for Technical and Export Control.
If you don’t work with the data yourself, but provide it to third-party services, you also need to be sure that their IT infrastructure meets these requirements.
By the way, if you provide services for storing and processing personal data, you can apply for an audit of your service. For example, it is carried out by the Association for the Protection and Storage of Personal Data, which not only checks the company for reliability but also lists it as such on its website (of course, if the audit is passed), which helps to increase trust from potential clients.