152-FZ compliance turnkey

A full audit of personal-data processing, a risk map and a documentation package to pass Roskomnadzor inspections - ahead of the new turnover-based fines and criminal liability.

G-Invest in numbers

23+Years of asset management

$15MManaged by the company

$78MRealized projects volume

650+Projects implemented

We close the personal-data regulatory risk with a single document package.

4stages

From diagnostics to control

8-12docs

Policy package for approval

4-6weeks

Audit and documents timeframe

All about 152-FZ compliance

What is 152-FZ compliance About the service

152-FZ compliance means bringing personal-data processing in line with the law: an audit of personal-data information systems, closing the gaps and a document package ready to present to Roskomnadzor on inspection day.

— A full audit of personal-data processing and a prioritised gap map (critical / high / medium / low)— A package of 8-12 internal policy documents ready for approval by the head of the company— Preparation of the personal-data processing notification to Roskomnadzor and an implementation roadmap

Our Cases

Why G-Invest

01Fixed costA fixed price with no hourly rate and no hidden lines; the exact estimate is set after the express diagnostics.

02Artifacts, not wordsA concrete document package, ready to present to the regulator on inspection day.

03A single point of accountabilityThe project is led by a senior auditor - from diagnostics to representation before Roskomnadzor.

04Full coverage of requirementsWe close all mandatory 152-FZ requirements: policy, consents, contracts with data processors, classification of personal-data systems and the Roskomnadzor notification.

We'll help you choose a solution2 questions - and we'll reach out the way that suits you

Frequently asked questions

Any personal-data operator. If a company collects data of clients, employees or users, it must comply with 152-FZ, file a notification with Roskomnadzor and appoint an officer responsible for organising personal-data processing.

Since 30.11.2024 (FZ-420) the maximum fine for a major data leak is up to 18 mln rub., and for a repeat offence a turnover-based fine of up to 3% of revenue. Criminal liability has been introduced for the illegal handling of personal data (Art. 272.1 of the Criminal Code). The deadline to notify Roskomnadzor of an incident has been cut to 24 hours.

The audit and preparation of the document package take 4-6 weeks: weeks 1-2 - diagnostics, 3-4 - gap analysis and risks, 5-6 - documents and the Roskomnadzor notification. The exact schedule is fixed after the express diagnostics.

8-12 internal policy documents: the personal-data processing policy, a regulation, procedures, instructions, registers of personal data, consent templates, the personal-data system classification act (protection levels 1-4) and a prepared notification to Roskomnadzor.

Yes. We prepare or update the personal-data processing notification and help appoint the officer responsible for organising processing. Preparing the notification is part of the full audit.

Yes. Support is available on a retainer basis: updating the policies, monitoring compliance and supporting Roskomnadzor inspections, including the procedure for notifying of incidents within 24 hours.

Close your personal-data regulatory risk with a single package

Project consultingFull-cycle legal and financial solutions

Buy a business

Sell a business

Legal Support

Financial Support

Accounting services

Tax accounting

Business Valuation

Financial model

Business plan

Business Process Automation