PRACTICE AREAS
Personal Data Protection
The practice

Our Personal Data Protection practice brings together lawyers with deep, commercially focused expertise in personal data processing and protection. In the context of large-scale digital transformation and the rapid escalation of cyber risks, high-quality legal support has become a key component of business resilience.

As regulatory scrutiny intensifies and statutory requirements become more stringent, businesses must act swiftly to adapt to the evolving regulatory landscape and mitigate data protection risks effectively.

Our team advises Russian and international clients across a broad range of industries on all aspects of personal data and privacy law. We assist with the full spectrum of data protection matters – from legal due diligence and the development of internal policies and procedures to the implementation of comprehensive personal data processing frameworks tailored to our clients’ business needs.

We also support clients in managing regulatory and civil liability risks, including exposure to administrative fines, the consequences of data breaches, website blocking measures and reputational harm.

Where appropriate, we draw on the expertise of other practices within the Firm and collaborate with leading information security and IT service providers. This multidisciplinary approach enables us to design and implement fully integrated solutions aligned with our clients’ business processes and digital infrastructure.

Our lawyers are actively involved in shaping the regulatory and enforcement environment. They participate in expert groups and competence centres under the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), contribute to the development of draft legislation and official guidance, and co-author regulatory roadmaps aimed at preventing violations of data subjects’ rights.

Reputation:

The Firm’s expertise in personal data protection is recognised by leading Russian legal rankings, including Pravo-300 and the Kommersant ranking.

 

Services

Our services include:

  • Conducting comprehensive legal reviews of business processes, IT systems and internal documentation to assess compliance with personal data legislation, including coordination with information security and technology specialists.
  • Advising on the application of personal data legislation, including complex aspects of regulatory and enforcement practice.
  • Developing and implementing corporate data protection frameworks and strategies tailored to the client’s organisational structure, industry specifics and level of regulatory exposure.
  • Structuring internal and external personal data processing arrangements, including cross-border data transfers, intra-group data flows within international corporate groups and engagement with third-party service providers.
  • Reviewing and drafting agreements and other documentation relating to personal data processing and protection, including contracts with IT contractors and other service providers.
  • Supporting digital transformation projects and the implementation of IT solutions and automated data processing systems, including advice on the use of big data analytics and AI technologies.
  • Providing legal assistance in the event of personal data breaches and other incidents, including the development of response and risk mitigation strategies.
  • Representing clients in their interactions with supervisory authorities, including during inspections and other regulatory reviews.
  • Defending clients in administrative proceedings and court disputes arising from alleged violations of personal data legislation.

Practice Members

Elena Agaeva

Elena
Agaeva

Vladimir Stepanov

Vladimir
Stepanov

Elena Kvartnikova

Elena
Kvartnikova

Marina Petrova

Marina
Petrova

Anna Sargsyan

Anna
Sargsyan

Yury Nadezhin

Yury
Nadezhin

EVENTS

2 December 2025

Irina Kosovskaya and Elena Kvartnikova to Speak at the Annual Amcham Russia Legal Seminar

27 November 2025

Elena Agaeva to Speak at the Legal Affairs Committee Meeting of the Centre for Eurasian Cooperation

View all

Rankings and Awards

12 March 2025

82 EPAM Law Lawyers Included in the Individual Rankings of Pravo-300

10 April 2024

EPAM Leads the Annual Kommersant Ranking of Top Law Firms in 56 Categories

View all
The contents of this information resource (www.epam.ru website‎), including any information and intellectual property, are protected by the Russian legislation and international treaties. All and/or any information and materials may only be used, copied, reproduced or distributed upon prior consent of the titleholder or shall otherwise involve use of remedies.

Lawyers’ comments, presentations and articles posted at or accessible through www.epam.ru represents their personal opinions and findings that may be different from the view taken by EPAM Law.

The information and materials contained in www.epam.ru is for general information purposes only and should not be taken as legal advice or opinion. EPAM Law, its management team, attorneys and employees cannot guarantee that such information is applicable to your purposes and shall not be responsible for your decisions and related eventual direct or consequential loss and/or damage resulting from the use of all or any information contained in www.epam.ru.
Privacy Policy Terms of Personal Data Processing for Attorneys and Employees of EPAM Law
© EPAM Law. 1993-2026. All rights reserved.
Write to us

Fields marked with * are required