A Q&A guide to data protection in the Russian Federation.

This Q&A guide gives a high-level overview of the data protection laws, regulations, and principles in the Russian Federation, including the main obligations and processing requirements for data controllers (operators), data processors, and other third parties. It also covers data subject rights, the supervisory authority's enforcement powers, and potential sanctions and remedies. It briefly covers rules applicable to cookies and spam.

To compare answers across multiple jurisdictions, visit the Data Protection Country Q&A Tool.

This resource does not consider legal developments arising out of and related to the 2022 Ukraine crisis. For resources concerning these topics, see Russia Sanctions and Related Considerations Toolkit.