Compliance
Upcoming Data Privacy Law for Russian Employers

Starting September 1, 2025, new rules will apply to how companies handle anonymized personal data in Russia. If you’re an employer or responsible for managing personal data, it’s important to understand what’s changing and what you’ll need to do to stay compliant.


What’s Changing?


From this date, companies that collect and process personal data must be ready to provide a list of anonymized personal data to the Ministry of Digital Development, Communications and Mass Media. This list will be used to build a secure State Information System (SIS) that holds anonymous data for public use.


The Ministry may send a formal request asking for this information. When that happens, your company must:

  1. Anonymize the relevant data (so it can’t be linked back to specific individuals)
  2. Send it to the SIS within the timeframe provided


Once the data is submitted, it will be stored in a way that makes it impossible to reverse or recover personal identities.


Who Can’t Access This Data?


To protect privacy and national security, the anonymized data in the SIS cannot be shared with:

  1. Foreign individuals or foreign companies
  2. People with criminal records related to extremism or terrorism


What You Should Do Now


If your business handles personal data, now is a good time to:

  1. Review how you collect and store data
  2. Make sure you have the tools to properly anonymize it
  3. Prepare to respond to any future requests from the Ministry


Staying ahead of these changes will help you avoid penalties and keep your data practices in line with the law.