Expert names ways for businesses to avoid fines for personal data leaks


From May 30, 2025, tougher liability for personal data leaks will come into force in Russia. Under the new regulations, officials face imprisonment for up to 10 years, and companies face fines of up to 20 million rubles for leaking biometric data. On May 20, Evgeny Kalashnikov, Head of Engineering Tools at the Sphere platform (T1 IT Holding), told Izvestia what measures businesses need to take to avoid serious financial and reputational losses.
According to the expert, all business processes related to data storage and processing, including CRM systems, customer bases and HR platforms, are at risk. Two aspects play a key role in security: technical protection measures and the human factor. These most often become the weak links that lead to serious incidents.
Among the common mistakes of companies, the specialist highlights the lack of a clear data processing policy, weak access control and vulnerabilities in IT systems.
"New requirements force businesses to pay special attention to data storage and transmission processes, as they are the ones that most often become targets for intruders. The lack of an access monitoring and auditing system, as well as a lax approach to cybersecurity in general, are the main causes of leaks," he added.
Kalashnikov called depersonalization and data masking among the most effective protection tools. If the information is anonymized, it cannot be linked to specific people, which minimizes the consequences of a leak. This approach is especially relevant for large companies working with large amounts of data. At the same time, the expert clarified that depersonalization does not eliminate the problem itself, but makes the data useless to intruders.
The specialist paid special attention to working with artificial intelligence (AI).
"Today, companies are increasingly using AI to optimize business processes. However, only anonymized data must be used to train algorithms. Otherwise, the risk of leakage increases: the model may gain access to unprotected information, and through the language system itself, attackers may try to extract confidential data," the specialist warned.
The protection of biometric data, which is difficult to depersonalize completely, requires a separate approach. For such data, the expert recommended using segmentation and enhanced encryption, as well as implementing additional security measures.
"An integrated approach to information protection makes it possible not only to minimize the risks of fines, but also to increase the trust of customers and partners. Transparency in data processing and storage is becoming an important competitive advantage against the background of stricter legislation," Kalashnikov concluded.
Earlier, on May 5, it was reported that it was impossible to completely eliminate the risks of leaks, even if basic precautions were followed. To minimize the risks of data leakage, you should use different and complex passwords on all services, and enable two-factor authentication wherever possible.