Back to Frameworks

Russia Federal Law on Personal Data (152-FZ)

Russia
v2006 (amended 2023)
8 domains
8 controls

Russia's Federal Law No. 152-FZ on Personal Data (2006, as amended through 2023) regulates the processing of personal data in the Russian Federation. Roskomnadzor (Federal Service for Supervision of Communications) oversees compliance. Key requirements include data localisation (personal data of Russian citizens must be stored on servers in Russia), consent management, and breach notification. Significant amendments in 2022-2023 strengthened enforcement and increased penalties.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

Breach and Enforcement

1 controls
Controls in the Breach and Enforcement domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-8Breach Notification, RKN Inspections, Sanctions

Cross-Border and Localization

1 controls
Controls in the Cross-Border and Localization domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-6Cross-Border Transfer and Data Localization (Article 18.5)

Governance

1 controls
Controls in the Governance domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-7Roskomnadzor Registration, Operator Notification, Governance

High-Risk Processing

1 controls
Controls in the High-Risk Processing domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-4Special Categories, Biometric Data

Individual Rights

1 controls
Controls in the Individual Rights domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-3Data Subject Rights (Access, Correction, Object, Block/Destroy)

Lawful Basis and Consent

1 controls
Controls in the Lawful Basis and Consent domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-2Lawful Basis, Consent, Notice

Scope and Principles

1 controls
Controls in the Scope and Principles domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-1Scope, Definitions, Principles under 152-FZ

Security

1 controls
Controls in the Security domain of Russia Federal Law on Personal Data (152-FZ)1 controls
CodeTitle
RUSPD-5Security of Processing, Confidentiality, FSB/FSTEC Requirements

Your Compliance Coverage

If you comply with Russia Federal Law on Personal Data (152-FZ), you already cover:

+ 100 more: Florida Digital Bill of Rights (FDBR) (38%), ITU-T X.805 - Security Architecture for End-to-End Communications (38%)

See all 103 mapped frameworks ↓

Maps to 103 other frameworks

8 total controls
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|2 target controls covered
38%
MARS-E
3 source controls mapped|5 target controls covered
38%
FedRAMP Rev 5
3 source controls mapped|2 target controls covered
38%
Florida Digital Bill of Rights (FDBR)
3 source controls mapped|3 target controls covered
38%
ITU-T X.805 - Security Architecture for End-to-End Communications
3 source controls mapped|2 target controls covered
38%
NAIC Insurance Data Security Model Law (MDL-668)
3 source controls mapped|2 target controls covered
38%
NIST Privacy Framework
3 source controls mapped|6 target controls covered
38%
OWASP Top 10 for LLM Applications 2025
3 source controls mapped|2 target controls covered
38%
Oman National Cybersecurity Framework
3 source controls mapped|2 target controls covered
38%
Notifiable Data Breaches Scheme (Australia)
2 source controls mapped|1 target controls covered
25%
25%
Family Educational Rights and Privacy Act (FERPA)
2 source controls mapped|5 target controls covered
25%
25%
India DPDP Act
2 source controls mapped|3 target controls covered
25%
Indiana Consumer Data Protection Act
2 source controls mapped|2 target controls covered
25%
Iowa Consumer Data Protection Act
2 source controls mapped|3 target controls covered
25%
South Korea PIPA
2 source controls mapped|4 target controls covered
25%
Law No. 172-13 on the Protection of Personal Data
2 source controls mapped|3 target controls covered
25%
Ley Orgánica de Protección de Datos Personales (LOPDP)
2 source controls mapped|3 target controls covered
25%
LGPD
2 source controls mapped|3 target controls covered
25%
Liechtenstein DPA
2 source controls mapped|3 target controls covered
25%
Maryland Online Data Privacy Act of 2024
2 source controls mapped|3 target controls covered
25%
Mauritius DPA
2 source controls mapped|5 target controls covered
25%
Mexico LFPDPPP
2 source controls mapped|5 target controls covered
25%
Montana Consumer Data Privacy Act
2 source controls mapped|4 target controls covered
25%
MTCS (Singapore)
2 source controls mapped|4 target controls covered
25%
Nigeria Data Protection Regulation (NDPR)
2 source controls mapped|4 target controls covered
25%
NIST SP 800-122
2 source controls mapped|5 target controls covered
25%
PDPA Singapore
2 source controls mapped|5 target controls covered
25%
PDPA Thailand
2 source controls mapped|5 target controls covered
25%
Personal Data Act (personopplysningsloven)
2 source controls mapped|5 target controls covered
25%
POPIA
2 source controls mapped|4 target controls covered
25%
Privacy Act 1988 (Australia)
2 source controls mapped|5 target controls covered
25%
Privacy Act 2020
2 source controls mapped|4 target controls covered
25%
Qatar DPL
2 source controls mapped|3 target controls covered
25%
FDA 21 CFR Part 11
2 source controls mapped|4 target controls covered
25%
IEEE 7000
2 source controls mapped|2 target controls covered
25%
Indonesia PDP Law
2 source controls mapped|2 target controls covered
25%
ISMAP (Japan)
2 source controls mapped|2 target controls covered
25%
Jamaica Data Protection Act 2020
2 source controls mapped|4 target controls covered
25%
Kentucky Consumer Data Protection Act
2 source controls mapped|3 target controls covered
25%
Malaysia PDPA 2010
2 source controls mapped|4 target controls covered
25%
MDS2 (Medical Device)
2 source controls mapped|3 target controls covered
25%
Minnesota Consumer Data Privacy Act
2 source controls mapped|3 target controls covered
25%
Nebraska Data Privacy Act
2 source controls mapped|6 target controls covered
25%
New Hampshire Data Privacy Act
2 source controls mapped|4 target controls covered
25%
New Jersey Data Privacy Act
2 source controls mapped|3 target controls covered
25%
Nigeria Data Protection Act 2023 (NDPA)
2 source controls mapped|6 target controls covered
25%
NIS2 Directive Implementing Acts
2 source controls mapped|2 target controls covered
25%
NIST SP 800-144
2 source controls mapped|3 target controls covered
25%
NIST SP 800-145
2 source controls mapped|2 target controls covered
25%
NIST SP 800-146
2 source controls mapped|2 target controls covered
25%
NIST SP 800-66
2 source controls mapped|1 target controls covered
25%
NRF Cybersecurity and Data Privacy Framework (National Retail Federation)
2 source controls mapped|2 target controls covered
25%
Oregon Consumer Privacy Act
2 source controls mapped|4 target controls covered
25%
Pakistan Personal Data Protection Bill 2023
2 source controls mapped|3 target controls covered
25%
Peru DPL
2 source controls mapped|3 target controls covered
25%
Global Cross-Border Privacy Rules (Global CBPR) Forum
2 source controls mapped|1 target controls covered
25%
Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486)
2 source controls mapped|2 target controls covered
25%
India Account Aggregator Framework (RBI)
2 source controls mapped|1 target controls covered
25%
Israel Protection of Privacy Law (5741-1981)
2 source controls mapped|3 target controls covered
25%
Japan AI Guidelines
2 source controls mapped|1 target controls covered
25%
Kenya Data Protection Act
2 source controls mapped|1 target controls covered
25%
Kids Online Safety Act (KOSA)
2 source controls mapped|2 target controls covered
25%
Nevada Gaming Control Board Cybersecurity Requirements
2 source controls mapped|1 target controls covered
25%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
2 source controls mapped|3 target controls covered
25%
NIST AI 600-1: Generative AI Profile
2 source controls mapped|1 target controls covered
25%
OECD AI Principles
2 source controls mapped|1 target controls covered
25%
New Zealand Information Security Manual (NZISM)
1 source controls mapped|1 target controls covered
13%
Georgia Law on Personal Data Protection (2012)
1 source controls mapped|1 target controls covered
13%
ICH E6(R3) - Good Clinical Practice
1 source controls mapped|1 target controls covered
13%
Jordan Draft Personal Data Protection Law (2022)
1 source controls mapped|2 target controls covered
13%
Law on Personal Data Protection (Official Gazette No. 42/2020)
1 source controls mapped|1 target controls covered
13%
Paraguay Law on Protection of Personal Data (Law No. 6534/2020)
1 source controls mapped|1 target controls covered
13%
FIDO2 / WebAuthn
1 source controls mapped|2 target controls covered
13%
FISMA
1 source controls mapped|1 target controls covered
13%
Ghana Cybersecurity Act
1 source controls mapped|1 target controls covered
13%
GLI-33 - Gaming Laboratories International Event Wagering Systems
1 source controls mapped|1 target controls covered
13%
HL7 FHIR Security Framework
1 source controls mapped|1 target controls covered
13%
MITRE ATT&CK
1 source controls mapped|1 target controls covered
13%
MITRE D3FEND
1 source controls mapped|1 target controls covered
13%
NIST SP 800-123
1 source controls mapped|1 target controls covered
13%
NIST SP 800-137
1 source controls mapped|1 target controls covered
13%
PTES
1 source controls mapped|1 target controls covered
13%
OWASP Top 10:2025
1 source controls mapped|2 target controls covered
13%
OWASP SAMM
1 source controls mapped|1 target controls covered
13%
OWASP MASVS
1 source controls mapped|1 target controls covered
13%
OWASP DevSecOps Maturity Model (DSOMM)
1 source controls mapped|1 target controls covered
13%
OWASP ASVS
1 source controls mapped|1 target controls covered
13%
OWASP API Security Top 10 - 2023
1 source controls mapped|1 target controls covered
13%
OpenSSF Scorecard
1 source controls mapped|1 target controls covered
13%
O-RAN WG11 Security Specification
1 source controls mapped|1 target controls covered
13%
NIST SP 800-92
1 source controls mapped|1 target controls covered
13%
NIST SP 800-88
1 source controls mapped|1 target controls covered
13%
13%
NIST SP 800-63-4
1 source controls mapped|1 target controls covered
13%
NIST SP 800-61
1 source controls mapped|1 target controls covered
13%

Frequently Asked Questions

What is Russia Federal Law on Personal Data (152-FZ)?

Russia Federal Law on Personal Data (152-FZ) is a compliance framework from Russia with 8 domains and 8 controls. Russia's Federal Law No. 152-FZ on Personal Data (2006, as amended through 2023) regulates the processing of personal data in the Russian Federation. Roskomnadzor (Federal Service for Supervision of Communications) oversees compliance. Key requirements include data localisation (personal data of Russian citizens must be stored on servers in Russia), consent management, and breach notification. Significant amendments in 2022-2023 strengthened enforcement and increased penalties. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Russia Federal Law on Personal Data (152-FZ) have?

Russia Federal Law on Personal Data (152-FZ) has 8 controls organised across 8 domains. The largest domains are Breach and Enforcement (1 controls), Cross-Border and Localization (1 controls), Governance (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Russia Federal Law on Personal Data (152-FZ) map to?

Russia Federal Law on Personal Data (152-FZ) maps to 103 other compliance frameworks. The top mapping partners are FTC GLBA Safeguards Rule (16 CFR Part 314) (38% coverage), MARS-E (38% coverage), FedRAMP Rev 5 (38% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Russia Federal Law on Personal Data (152-FZ) compliance?

Start your Russia Federal Law on Personal Data (152-FZ) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Russia Federal Law on Personal Data (152-FZ) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required