PrivacyRules local expert, Sergey Medvedev from Gorodissky & Partners, elaborates on the risks related to the non-compliance with the Russian data privacy law in these complex times.

You may wonder if the Russian data protection law must be complied with even during the Covid-19 times, the answer is yes! Beware that the Russian data protection law has been recently amended giving higher powers to the Russian IT Regulator (Roskomnadzor) which can now impose truly heavy fines against non-compliant companies. Worth noting, the Roskomnadzor can now start random inspections and, if the inspection reveals that a company is non-compliant, the Regulator can initiate an administrative proceeding before the competent Court without the need of a prosecutor.

The sanctions can be of civil, administrative or criminal nature. An example of a heavy sanction is the blockage of the website for an online business or an e-commerce company (which is what happened in the LinkedIn case). Furthermore, in certain cases fines are imposed on the basis of the number of the employees the sanctioned company has.

To know more about the risks related to the complexity of the Russian privacy regulations, watch this video and contact Sergey for guidance and advice!

The President of Indonesia, Joko Widodo, issued a Presidential Decree No. 12/2020 declaring Covid-19 pandemic as a Public Health Emergency situation. Then, the Government has released Regulation No. 21 of 2020 on Massive Social Restrictions (“GR 21/2020) allowing the Regional Government to implement Massive Social Restrictions.

On April 09, 2020, the Governor of DKI Jakarta has issued Regulation No. 33/2020 on Implementation of Massive Social Restrictions in Jakarta.

In this pandemic situation many business activities are disrupted and stop operating. For this reason, they are assessing their existing contracts to determine whether the pandemic of Covid-19 can be considered as force majeure or not.

Our Indonesian expert from SIP Law Firm , R. Yudha T. W., elaborates on the recent updates of its country and explains how Indonesia is handling the concept of force majeure.

Listen to this flash news to know more about this interesting topic!

The Morrisons case: When is an employer liable for data breaches by its employees?

❗Flash Briefing from the UK❗

⚡Kim Walker of Shakespeare Martineau discusses the UK Supreme Court’s important recent judgement clarifying the scope of the principle of “vicarious liability”: when is an #employer strictly liable for the wrongdoings of its employees even though the employer is entirely blameless?

➡️ The case is of particular interest to anyone advising on #dataprotection, because the employee, in this case, had maliciously and wrongfully uploaded #payroll data of 100,000 employees to the internet, potentially exposing Morrisons to huge claims for compensation from the employees involved.

➡️ The High Court and the Court of Appeal in the #UK had previously found Morrisons vicariously liable for the rogue employee’s actions.

The discussion includes:

❓How do you decide what an employee’s “field of activities” are?

❓When is the wrongful action “closely connected” to the field of activities?

❓Are the employee’s motives relevant?

❓Why was the previous leading case (Mohamud v Morrisons) different?

❓What are the practical implications in the field of data protection?