In Part 2 of this two part Briefing, Kim Walker from Shakespeare Martineau explains the regulation of data transfers between the UK and the EU during and after the Brexit Transition Period which is due to last until 31 December 2020, and the provisions of the Withdrawal Agreement covering what happens at the end of the Transition Period to EU data “stranded” in the UK when Transition ends. Whose laws apply to it? He also makes some recommendations in case new arrangements on data processing are not concluded by the end of the Transition Period and no adequacy decision is made by the European Commission. In Part 1 of this Briefing, Kim explained what Brexit means for the processing of personal data in the UK during the Transition Period, including the laws that apply during Transition and the changing role of the UK’s supervisory body, the ICO, during and after this period.
The experts have discussed, among other things, about:
- The main crime trends EUROPOL has observed as a result of the COVID-19 pandemic
- If the Data Protection Authorities have successfully exercised their supervisory competences in relation to the COVID-19 monitoring measures
- How the privacy and tech experts from the private sector can support the cybercrime-fighting efforts
- The criminals use of the various types of vulnerabilities, and how are states and other actors reacting to that globally
PrivacyRules local expert, Sergey Medvedev from Gorodissky & Partners, elaborates on the risks related to the non-compliance with the Russian data privacy law in these complex times.
You may wonder if the Russian data protection law must be complied with even during the Covid-19 times, the answer is yes! Beware that the Russian data protection law has been recently amended giving higher powers to the Russian IT Regulator (Roskomnadzor) which can now impose truly heavy fines against non-compliant companies. Worth noting, the Roskomnadzor can now start random inspections and, if the inspection reveals that a company is non-compliant, the Regulator can initiate an administrative proceeding before the competent Court without the need of a prosecutor.
The sanctions can be of civil, administrative or criminal nature. An example of a heavy sanction is the blockage of the website for an online business or an e-commerce company (which is what happened in the LinkedIn case). Furthermore, in certain cases fines are imposed on the basis of the number of the employees the sanctioned company has.
To know more about the risks related to the complexity of the Russian privacy regulations, watch this video and contact Sergey for guidance and advice!