Article 1. Article189.17 of the Code of Administrative Violations of December 6, 1985, shall be edited as follows:
“Article 189.17. “Personal Data Protection” of the Law Violation
- The violation of the procedure laid down by the law of personal data collection or recording or input or coordination or arrangement, or amendment or storage or use or transfer or transformation or restoration, if the act does not contain elements of a crime, shall result in a fine from two hundredfold to five hundredfold of the minimum salary for natural persons, and 0.1 percent of their annual income for legal entities, but not less than a thousandfold of the established minimum salary.
- The violation of the procedure laid down by the law of personal data destroying or blocking, if the act does not constitute a crime, shall result in a fine from three hundredfold to five hundredfold of the minimum salary for natural persons, and 0.1 percent of their annual income for legal entities, but not less than a thousandfold of the established minimum salary.
- Failure to provide information provided by the processor at the request of the subject of personal data during the collection of personal data or violation of the procedure of provision or non-clarification of the reasons and consequences of not providing shall result in a fine from a hundredfold to two hundredfold of the minimum salary for natural persons, and 0.05 percent of their annual income for legal entities, but not less than five hundredfold of the established minimum salary.
- Failure to notify the authorized body of personal data protection by the processor of personal data or the violation of the notification procedure shall result in a fine from fifty fold to a hundredfold of the minimum salary for natural persons, and 0.1 percent of their annual income for legal entities, but not less than a thousandfold of the established minimum salary.
- Failure to use encryption while processing personal data, if the act does not contain elements of a crime, shall result in a fine of a hundredfold of the minimum salary for natural persons, and 0.05 percent of their annual income for legal entities, but not less than five hundredfold of the established minimum salary.
- Violation of the security requirements for the processing of personal data in information systems, violations of security requirements of biometric personal data outside material drives and information systems, if the act does not contain elements of a crime, shall result in a fine from a hundredfold to two hundredfold of the minimum salary for natural persons, and 0.1 percent of their annual income for legal entities, but not less than a thousandfold of the established minimum salary.
- Failure to maintain the confidentiality of personal data in the course of fulfilling duties related to the processing of personal data or after its suspension by personal data processors or other people prescribed by RA Law on “Protection of Personal Data” shall result in a fine from two hundredfold to three hundredfold of the minimum salary.
- The actions provided for in this Article shall be exempt from administrative liability if within the time frame set by the authorized body or before making the decision on being subject to administrative liability, the violation is eliminated and the evidence is provided to the authorized body.”
Article 2. This law shall enter into force on the tenth day following the day of its official publication.