Website 152-FZ Audit — Free Check | Cubit

Website Compliance Audit for 152-FZ

Automatic check across 58 criteria in 30 seconds

Pricing

Report
10 000 ₽
  • Full detailed report
  • References to regulations
  • PDF for management
  • Remediation recommendations
Turnkey
from 100 000 ₽ from 80 000 ₽
  • Everything from the Basic plan
  • Full document package (9 items)
  • Preparation of Roskomnadzor notification
  • Legal support
  • Monitoring + re-check
  • Priority support
Анна Крапивина
IT Lawyer, Cubit LLC

"85% of websites in Kuzbass violate 152-FZ. Since 2025, fines have increased dramatically, and Roskomnadzor began automatic enforcement. Fixing violations costs far less than the fines."

The results are for informational purposes only and do not constitute a legal opinion. For a legally binding assessment, consult a specialist.

Why it matters

Key points about the personal data protection law 152-FZ:

1. Who falls under the law
   Any business that collects data from at least one customer. Even cookies on a website count as personal data.
2. What are the fines
   Fines of up to 6 million rubles per violation. For repeat offenses — up to 18 million rubles.
3. Who enforces it
   Roskomnadzor launched an automatic AI scanner in July 2025. Inspections are rolling out in waves by region.
4. What is checked on the website
   Presence of privacy policy and consent forms, use of foreign services, security protocols, and Roskomnadzor notification compliance.
5. How to comply
   Publish a privacy policy, add consent checkboxes to forms, remove foreign services, enable SSL, submit notification to Roskomnadzor.
We handle everything
We conduct the audit, prepare documents, fix violations, and file the Roskomnadzor notification.

Fines under Art. 13.11 of the Administrative Code

Violation | Fine for legal entities

Part 1 — Unlawful data processing
Processing personal data in cases not provided by law | 150 000 – 300 000 ₽
Repeat offense | 300 000 – 500 000 ₽

Part 2 — Processing without consent
Processing personal data without consent or with invalid consent | 300 000 – 700 000 ₽
Pre-checked consent checkboxes | 300 000 – 700 000 ₽
No cookie consent notice | 300 000 – 700 000 ₽
Repeat offense | 1 000 000 – 1 500 000 ₽

Part 3 — No published privacy policy
No personal data processing policy | 30 000 – 60 000 ₽

Part 5 — Processing timeline violations
Violation of deadlines for correction, blocking, or deletion of personal data | 50 000 – 90 000 ₽
Repeat offense | 300 000 – 500 000 ₽

Part 6 — Data storage violations
No SSL/HTTPS | 50 000 – 100 000 ₽

Part 8 — Data localization violations
Use of foreign services (cross-border data transfer) | 1 000 000 – 6 000 000 ₽
Repeat offense | 6 000 000 – 18 000 000 ₽

Part 10 — Failure to notify Roskomnadzor
No notification submitted to Roskomnadzor | 100 000 – 300 000 ₽

Parts 12–18 — Data breaches (effective 30.05.2025)
Data breach affecting up to 10,000 subjects | 3 000 000 – 5 000 000 ₽
Data breach affecting up to 100,000 subjects | 5 000 000 – 10 000 000 ₽
Data breach affecting over 100,000 subjects | 10 000 000 – 15 000 000 ₽
Repeat data breach | 1–3% of revenue (up to 500M)

What is checked

Privacy Policy
Availability, accessibility, content: operator, purposes, data subject rights
Forms and consents
Consent checkboxes in every form, policy links, pre-filling
Cookie banner
Cookie usage notice and consent availability
Foreign services
Google Analytics, reCAPTCHA, fonts, CDN — cross-border data transfer
Technical protection
HTTPS, SSL certificate, security headers, server localization
Roskomnadzor registry
Preparation of operator notification for Roskomnadzor
Content and metadata
Exposed personal data, contacts, meta tags
Save resources
Automatic check in 30 seconds instead of a manual audit. You instantly see what needs to be fixed.
Avoid fines
Fixing violations costs much less than fines. We handle everything — from documents to Roskomnadzor notification.
Consult with our lawyers
Our IT lawyers help with both the technical side and legal issues related to 152-FZ.

How we work
1. Audit
   Automatic website check across 58 criteria + manual review by an IT lawyer.
2. Report
   Detailed report listing each violation, with legal references and remediation recommendations.
3. Remediation
   We fix violations turnkey: privacy policy, forms, cookie banner, replacement of foreign services.
4. Support
   Roskomnadzor notification preparation, legislation change monitoring, re-checks.

About 152-FZ in detail

What is 152-FZ?
Federal Law "On Personal Data" is the main legislation governing the collection, storage, processing, and transfer of personal data of citizens in Russia. In effect since 2006, with significantly increased fines in 2025.
Who does the law apply to?
Any organization or sole proprietor that collects personal data: name, phone, email, address, cookies. If your website has a contact form — the law applies to you.
How to comply with 152-FZ?
You need to: publish a privacy policy, add consent to all forms, display a cookie notice, submit notification to Roskomnadzor, stop using foreign analytics services, and enable SSL encryption.
What are the penalties for violations?
Fines under Art. 13.11 of the Administrative Code: from 30K to 6M rubles for a first offense, up to 18M for a repeat offense. Since 30.05.2025, revenue-based fines for data breaches — up to 3% of revenue (max 500M rubles). Each violation is counted separately — fines are cumulative.
What data is considered personal?
Any information that can identify a person: full name, phone, email, IP address, cookies, location data, photos, biometrics.
Is it free?
Yes, the express audit is completely free. You get an overall score and assessment across 7 categories. For a detailed report with recommendations, submit a request.
Our company stores data but doesn't process it. Do we need to comply with 152-FZ?
Yes. Storage is one type of personal data processing under the law. Even if you just store a customer database and do nothing with it, you must comply with all requirements.
How to determine the required protection level?
The protection level depends on the type of personal data, number of subjects, and type of threats. For most websites, level 3 or 4 is sufficient. Our specialists will help determine your level.
Is 152-FZ compliance certification mandatory?
Certification is mandatory only for government information systems. For commercial organizations, it is sufficient to assess the effectiveness of protective measures and prepare the appropriate documentation.
How accurate is the automatic check?
Automation covers ~80% of checks. Some items (e.g., Roskomnadzor registry presence) require manual verification. The result is a preliminary assessment, not a legal opinion.
What to do if the score is low?
Request a full report — our IT lawyer will prepare detailed recommendations. We can also fix violations turnkey: from privacy policy to Roskomnadzor notification.
How much does violation remediation cost?
Basic package (policy + forms + cookies) — from 15K rubles. Full compliance package with Roskomnadzor notification — from 100K rubles. Either way, it's far cheaper than the fines.

Free consultation

Our experts are ready to help and answer any of your questions — both technical and legal.

Message on Telegram

CUBIT Telegram

Expert insights on digital transformation and business automation — explained in simple terms on our Telegram channel.
