The bank proposes to take the proposed approach into account

tanjimajuha20 · Post by **tanjimajuha20** » Thu Jan 23, 2025 6:21 am

Sberbank proposes to apply turnover fines to the personal data operator (PDn) only in "exceptional cases" when its actions or inactions have caused harm to data subjects, i.e. citizens, as a result of a leak. The bank outlined its position in a letter to the government, which Interfax has seen.

in the draft law that amends the Code of Administrative Offenses (CAO), including establishing turnover fines for businesses for leaks of personal data. The document was sent to the government in July by senators Andrei Turchak and Irina Rukavishnikova, as well as deputy Alexander Khinshtein.

Fines for operators
Currently, the maximum fine ecuador whatsapp resource for "leaks" for legal entities is up to 100 thousand rubles (300 thousand rubles in case of a repeated violation).

According to the draft law, which is at the disposal of Interfax, it is proposed to fine legal entities for "actions (inactions) of the operator that resulted in the illegal transfer (provision, distribution, access) of information, including personal data." For legal entities, it is proposed to introduce a fine for data leakage from 1,000 to 10,000 personal data subjects in the amount of 3 million to 5 million rubles, from 10,000 to 100,000 subjects - from 5 million to 10 million rubles, more than 100,000 - from 10 million to 15 million rubles.

Repeated violation (if the "volume" of the leak is more than 1 thousand personal data subjects): a fine of 0.1% to 3% of revenue for the calendar year preceding the violation, or for part of the current year, but not less than 15 million rubles and not more than 500 million rubles is imposed.

According to Sberbank, the composition of the violations in these parts is of a general nature and does not take into account the specifics of the processes of transferring personal data, and also "does not differentiate the objective side of the composition of the administrative offense based on the principle of the nature of the actions of the operator" of the data.

"We believe that turnover fines against the operator of personal data should be applied in exceptional cases, when the actions (inaction) of the operator resulted in harm to the subjects of personal data as a result of the illegal distribution of their personal data and (or) gaining access to their personal data by an unlimited number of persons," Sberbank's letter states.

The bank did not respond to Interfax's request for information on the criteria for determining these exceptional cases.