DataGuidance confirmed, on 12 December 2017, with Sergey Medvedev, Senior Lawyer at Gorodissky and Partners, that the regional offices of the Federal Service for the Supervision of Communications, Information Technology and Mass Communications ('Roskomnadzor') for the Central Federal District, the Siberian Federal District and the Urals Federal District had released their inspection plans for 2018 ('the Inspection Plans'). In particular, the Inspection Plans outline the companies and sectors that will be subject to inspections by the Roskomnadzor, to ensure compliance with laws including the Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('Personal Data Law').

Medvedev commented, "The specific rules for the Roskomnadzor's inspections are set forth by the Decree of the Russian Ministry of Communications and Mass Media of 14 November 2011 No. 312. [In the Inspection Plans] there are companies from various business sectors, including fast-moving consumer goods, life-sciences, banking and financial services and others. The Roskomnadzor plans to check national companies and local affiliates/subsidiaries of international companies. In scheduled inspections, the Roskomandzor annually approves a list of operators for which inspections are scheduled for organisations. Inspections may be 'onsite', meaning that the Roskomnadzor's officers are entitled to visit the data controller's offices, review relevant documents for compliance (e.g. the existence of data subjects' consent, internal privacy policies, etc.) or 'in-office' inspections, where the Roskomnadzor only reviews available documents (e.g. a privacy policy made available online)."

Medvedev added, "As result of the inspection, the Roskomnadzor may issue a request to remedy the noncompliance with the regulations and/or launch an administrative investigation, which may lead to a fine by a competent court. Decisions of the Roskomnadzor may be appealed within three months. As of this year the Roskomandzor has received certain additional powers, including to launch administrative actions without the involvement of the public prosecutors' offices, and we expect that administrative cases related to data protection violations may substantially increase in Russia. In light of this, we call upon companies processing data to take an active approach and protective strategies to ensure compliance with the Personal Data Law and other national regulations, including on data management and localisation."

The Central Federal District's inspection plan is available here, the Siberian Federal District's here and the Urals Federal District's here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.