Personal data

Personal data

For over 12 years, Pepeliaev Group has been providing full-fledged legal support to clients in relation to all issues relating to organising work with personal data.

Our team’s competitive advantages are: a track record of implementing major projects relating to the protection of personal data, carrying out audits of personal data in companies with over 5,000 employees (transport and logistics companies, cellphone operators, plants, stock exchanges, pharmaceutical companies, global companies, etc.), a long-standing experience of participating in inspections of the Federal Service for Supervision of Communications, Information Technology and Mass Media (abbreviated in Russian to “Roskomnadzor”), and unique skills of conducting complex reviews of internal documentation in terms of compliance with the requirements of the law “On personal data”. Pepeliaev Group’s experts are engaged to perform a double check and draft an alternative opinion.

Our firm’s experts regularly conduct field-specific events relating to personal data which are attended by a great number of participants.

Professional services:

  • carrying out an audit of personal data;

  • drafting a list of procedures for processing personal data and updating this list;

  • preparing a full set of documents (internal regulations) relating to personal data (a data protection policy, a data processing policy, employees' consents to their data being processed, etc.);

  • preparing notifications to Roskomnadzor: about the intention to transmit personal data across the border; help in assessing foreign recipients of personal data; 

  • providing support during inspections carried out by Roskomnadzor, preventive visits, etc.;

  • drafting answers to enquiries by Roskomnadzor or personal subjects;

  • performing an audit of the company’s website;

  • preparing a full set of documents for the company’s website (confidentiality policy, consent to the processing of personal data, cookies, dissemination of personal data, etc.);

  • supporting clients in cases of leakages of personal data (round-the-clock support);

  • conducting an analysis of whether personal data has been transmitted across the border;

  • advising on the processing of biometric personal data and the localisation of databases;

  • preparing recommendations for the person responsible for the processing of personal data;

  • providing services relating to the technical protection of personal data (threat model, terms of reference, development plan, etc.);

  • legal design of documents (such as the confidentiality policy, terms of service, a public offer, etc.); and

  • advising on GDPR.


Assessed issues and risks connected with the implementation of a telematics system
The experts of our practice have advised a client on installing a telematics system on corporate cars made available to employees. 
Complex analysis of an access control and management system and bringing it in line with current legislation
The lawyers of the practice advised a major international company in connection with the enactment of Federal Law No. 572-FZ dated 29 December 2022 “On identifying and/or authenticating individuals using biometric personal data, on amending certain legislative instruments of the Russian Federation and on repealing certain provisions of legislative instruments of the Russian Federation” (“572-FZ”).
Other projects