+7 (831) 262-10-70

+7 (831) 280-82-09

+7 (831) 280-82-93

+7 (495) 545-46-62

42 B, ul. B. Pokrovskaya, Nizhny Novgorod, Russia, 603000

Monday to Friday 09:00 to 18:00 (GMT+3)

Data protection (privacy) laws in Russia

Types of data considered personal in Russia

Personal data is any information directly or indirectly related to an individual identified or identifiable based on such information (personal data subject).

National laws regulating collection and use of personal data

Data protection (privacy) laws in Russia include:

  • Strasbourg Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data 2005 (Strasbourg Convention);
  • Federal Law No. 152-FZ on Personal Data 2006 (Personal Data Protection Act);
  • Federal Law No. 38-FZ on Advertisement 2006.

The Personal Data Protection Act constitutes the backbone of Russian privacy laws. The main supervising authority is the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor).

Russian requirements to data localization

Data localization or data residency principle requires that all data related to Russian citizens be stored inside Russian Federation. According to article 18 of the Russian Personal Data Protection Act, data residency principle is bound to a foreign legal entity, if only it collects data directly within the boundaries of the Russian Federation. If personal data was received from another legal entity, the data localization principle is not applicable. Obtaining consent of a person to store his/her personal data outside Russian Federation does not exclude the data localization principle. The data localization requirement only applies to personal data of Russian citizens. If it is not possible to determine citizenship, then all data collected within the boundaries of the Russian Federation shall be localized.

Application of data localization and Russian data protection (privacy) laws to foreign legal entities

Data localization and other requirements of the Russian data protection (privacy) laws may apply to a foreign legal entity even if it has no office in Russia, but its activity is connected with Russia. The connection of a legal entity’s activity with Russia may be identified by the following:

  • Using Russian domain names (.ru, .рф., .su, .москва., .moscow, etc.);
  • Website has been localized into Russian (except automatic translation) and one of the below is also true:
    а) payment in RUB;
    b) goods can be delivered to Russia, services or content can be used in Russia;
    c) advertisement in the Russian language;
    d) other evidence that the website owner plans to sell on the Russian market.


Maximum fine for breach of data protection (privacy) laws in Russia amounts up to 75,000 RUB (around 1100 EUR) and may be accompanied by website blocking.


More than 10 years in the industry

We have translated almost a million pages, being called upon to solve linguistic problems of varying complexity, often to extremely tight deadline.

We are one of the Top-40 largest translation companies in Russia

This ranking is according to the site https://translationrating.ru using data for 2015.

We work to provide you with the greatest flexibility

We build relations with customers with an individual approach; our desire is to find and fully meet their needs.

Quality and privacy are in accordance with ISO 17100

We understand that high quality and our excellent reputation are our main competitive advantages.

Dynamic innovation

We develop software, participate in projects of professional organizations, and support law-making initiatives.


Alba Translating Company provided linguistic support for the International Day of Import and Export 2020


Alba Translating Company entered the TOP-5 best employers list


Alba Translating Company launched a separate division for audiovisual translation