Skip to content

152-FZ Compliance Audit

One URL, three checks: RKN blocking registry, cookie inventory, third-party tracker fingerprints. Designed around 152-FZ Article 12 (cross-border PII transfer notification).

Educational tool only — not legal advice. Consult a qualified lawyer for binding 152-FZ assessments.

152-FZ Readiness Self-Assessment

15 questions across 3 categories. ~3 minutes. Saved locally in your browser only.

1/15 Do you collect personal data of Russian residents through your site or app?
2/15 Is the legal basis (consent, contract, law) documented for every category of data collected?
3/15 Is the data-minimization principle applied — collecting only what is strictly required for the purpose?
4/15 Are separate explicit consents collected (cookies, newsletters, third-party sharing) instead of one bundled checkbox?
5/15 Is an up-to-date personal data processing policy published with operator details and contacts?
6/15 Are RU residents' personal data stored on servers physically located in Russia? (Art. 18 cl. 5)
7/15 Is the operator registered in the Roskomnadzor registry of personal-data operators?
8/15 Do you know the names and jurisdictions of every hosting provider (including CDN, backups, logs)?
9/15 Has a person responsible for the organisation of personal-data processing (DPO) been appointed?
10/15 Is there a procedure to notify RKN of personal-data incidents within 24 hours? (Art. 21 cl. 3.1)
11/15 Do you transfer RU residents' personal data abroad (including analytics, marketing, CRM)?
12/15 Has a cross-border transfer notification been filed with RKN before the transfer started? (Art. 12 cl. 3)
13/15 Are all recipients located in countries with an adequate-protection regime per the RKN order?
14/15 Is explicit written consent collected for cross-border transfers to countries without adequate protection?
15/15 Does the privacy policy list every third party receiving personal data (analytics and pixels included)?

Disclaimer. This is an automated self-assessment, not legal advice. Results indicate apparent readiness only. Consult qualified Russian privacy counsel for a binding compliance opinion specific to your operation.

What 152-FZ Article 12 covers

Article 12 of Russian Federal Law 152-FZ requires every operator that handles personal data to (a) notify Roskomnadzor before any cross-border transfer, (b) keep an internal record of every cookie and tracker that touches user identifiers, and (c) demonstrate that no third-party SDK leaks PII to a country without an adequate-protection ruling.

This bundle gives you a quick technical baseline for those three obligations. It does not replace a privacy-impact assessment, a Record of Processing Activities, or a lawyer.