Irina Anyukhina

Irina Anyukhina

Partner
Irina Anyukhina

Chambers Europe

Irina Anyukhina is high knowledgeable and dedicated. She has a strategic and business-oriented approach. Clients appreciate Irina for her thoughtfulness and ability to clearly enunciate the core of the matter.

Biography
Recent work
Publications and Insights
Rankings and awards

Irina Anyukhina is an ALRUD Law Firm partner heading Labour and Employment practice.

Irina is a recommended expert on Labour law, advising international and Russian companies on international and cross-border workplace issues, reductions and restructurings, senior executives and expatriate issues.

Irina operates at the interface of employment and corporate laws in cases involving mergers and acquisitions, implementation of incentive programmes, executive compensation and benefits, global and local employment policies, outsourcing, and employee privacy issues. Irina is often involved in cross-border and internal investigations of employees’ misconduct. Irina represents clients in out-of-court settlements and disputes with employees.

Irina Anyukhina joined ALRUD in 2002 and became partner in 2007. Clients praise Irina for her business-oriented approach, outstanding communication skills, thoughtfulness and ability to clearly enunciate the core of the matter.

Irina graduated from the Moscow State University of International Affairs with Ministry of International Affairs of Russia, Public international law division of International law department.

Irina is a member of International Bar Association and American Bar Association.

Includes advising and representing:

Uber

in its major business merger deal with Yandex on a great number of employment and HR-related questions.

Akzo Nobel

with separation of its Specialty Chemicals business unit, development and implementation of employee restructuring plan.

Philip Plein

on the development of HR policies, including bonus policy for sales employees.

An internationally leading medical device company

with staff restructuring to ensure balanced shareholder control over business operations.

Olam

on the legal and tax implications of implementing the international employee share plan.

The major analytics company

with a complex internal investigation of alleged misconducts of two employees of the Russian subsidiary.

One of the leading Japanese manufacturer of commercial vehicles and diesel engines

with reviewing the evidences concerning incompliances of one of the top manager, and developed the strategy for protection of the Client’s and its CEO’s business reputation.

The group of music companies

in 4 litigations with the conflict employee who had access to the financial resources of the Client.

Concise and to the point with ALRUD: HR & DIGITAL (№12)
State Duma passes law on anonymization of personal data in second and third readings
The [law](https://sozd-duma-gov-ru.translate.goog/bill/992331-7?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wappbh_histras 'law') provides for the creation of a state information system with anonymized PD (“PD”). The PD operator (employer) will be obliged to anonymize processed data (e.g., of employees) and provide it to the state information system at the request of the Ministry of Digital Development, Communications and Mass Media, which will have to ensure the confidentiality of this data. The law is due to come into force from 1 September 2025. The new law is generating numerous questions for companies, especially in terms of how companies must anonymize PD and what software to use for this purpose. Companies will probably have to buy certified software, which is not yet available on the market. The old Roskomnadzor (Russian Data Protection Authority) order describes anonymization methods for municipal and state bodies and does not provide anonymization methods for private companies, nor does it provide information on technical means for anonymization. The state authorities have started accepting applications for IT deferment from military service from 24 July to 6 August 2024
Employees of accredited IT companies aged between 18 and 30 may apply for deferment from military service in the autumn conscription through Gosuslugi from 24 July to 6 August 2024. If an employee does not have a personal account on Gosuslugi, the company itself will be able to add him to the list. Companies, meanwhile, are required to check and confirm employees' data and send the lists to the Ministry of Digital Development, Communications and Mass Media by 11 August 2024. One company may send several lists as they are compiled. The Ministry of Digital Development, Communications and Mass Media will send the information to the Ministry of Defence by 31 August 2024. From 1 October to 31 December, the conscription commission will make decisions on deferment. Please note that employees of conscription age employed in the IT sector may qualify for deferment of conscription for military service if they: - Work in an accredited IT company under an employment contract with normal working hours - Have completed university education in a major from this special [list](https://publication-pravo-gov-ru.translate.goog/Document/View/0001202204010045?index=4&_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp 'list') - Have at least 11 months of work experience in the IT sector during the year preceding the date of recruitment Prohibition to include consent to processing of PD in other documents
A [draft law](https://sozd-duma-gov-ru.translate.goog/bill/679980-8?ysclid=lyzstl76k2625458467&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp 'draft law') has been submitted to the State Duma to formalize consent to the processing of PD separately from other documents signed by the subject of PD and/or provided to him/her for review. According to the authors, consent to the processing of PD is often currently included in contracts or other consents to the processing of PD, which are provided for other purposes. These documents contain, among other things, a significant amount of information not related to the processing of PD and conditions for consent to the processing of PD, including for the purpose of transferring it to an indefinite number of persons. In practice, we often see situations where consent to the processing of an employee's PD is “stitched” into an employment contract. Although there is currently no explicit prohibition in the law to incorporate consent with the text of the employment contract, such an approach can already be challenged, as the employee is considered a weak party and such incorporated consent may be considered non-free and involuntary. We strongly recommend that all employers abandon the practice of including any consents to the processing of PD in employment contracts, other agreements, instructions and local policies, particularly as consent is not the only possible means for processing employees' PD. In many cases, the processing of employees' PD may also be justified by an agreement with the employee or a legal obligation, including obligations that the employer has to employees under the Labour Code of the Russian Federation. Where the processing of PD necessarily requires consent, such consent must be specific, conscious and unambiguous, i.e., obtained separately from other documents, as well as substantive and informed.
02 August 2024
Concise and to the point with ALRUD: HR & DIGITAL (№11)
Reminder
It is illegal for a company to refuse to provide benefits (e.g., voluntary medical insurance) due to an employee's failure to provide consent to the processing of personal data. This was the conclusion reached by the 3rd Cassation Court of General Jurisdiction in Resolution No. 88-1047/2024 dated 15 January 2024. Key facts of the case
Per the employment contract, employees agreed to comply with all the requirements of the employer’s Internal Labour Regulations and other in-house policies. In accordance with the Policy on Additional Benefits for Employees, employees were eligible to receive benefits if they provide written consent to the processing of their personal data. In the absence of such consent, the benefits for employees could be suspended. An employee who was reinstated at work and did not provide consent to the processing of personal data filed a claim in court to require the company to provide voluntary medical insurance. All three court instances (district court, appellate court and court of general jurisdiction) supported the employee, pointing out that legislation on personal data stipulates that the subject of personal data has the right to grant consent to the processing of such data. However, such consent must be provided exclusively voluntarily. Whether or not a personal data subject exercises his/her rights cannot be made dependent on exercising the right to receive additional benefits provided to an employee as part of employment relations. As a result, the courts satisfied the employee's claims to require the employer to provide voluntary medical insurance on the terms of the existing in-house policy no later than 3 business days from the date on which the court decision takes effect. Claims > To require an employer to provide voluntary medical insurance, recover the amount of food subsidies, provide compensation for delayed payments, provide annual paid leave, and provide compensation for moral damages Resolution > To uphold the decisions of the lower court instances and dismiss the cassation appeal
24 July 2024
Irina Anyukhina is to speak at offline conference “Smart strategies at the tight labour market”
On 18 July [Irina Anyukhina](https://www.alrud.com/people/IrinaAnyukhina/ 'Irina Anyukhina'), Partner, Head of ALRUD Labour and Employment Practice, will speak at ECOPSY offline conference “Smart strategies at the tight labour market”. During her presentation, Irina will talk about the outstaffing pitfalls: regulation, execution of documents, risks. This year, manpower shortage has become the major problem for enterprises and a serious threat to the economy. Despite the fact that the level of unemployment fell to its record low a year ago, it continues to decline. ECOPSY and ALRUD experts, HR representatives from large manufacturing companies will discuss the touchiest issues. Please join us! You may register on the [organizers’ website](https://bluecollar.ecopsy.ru/?utm_source=email-alrud&utm_medium=email-july&utm_campaign=strategii-raboty-s-personalom 'organizers’ website').
11 July 2024
Concise and to the point with ALRUD: HR & DIGITAL (№10)
Roskomnadzor (Russian Data Protection Authority) plans to make it easier for personal data subjects to revoke consent to the processing of personal data
Roskomnadzor proposes making it possible to revoke consent to the processing of personal data “in one click”. Technically, the mechanism can be implemented as part of the consent management system that the Ministry of Digital Development, Communications and Mass Media created on the basis of the Gosuslugi service, but it will require revisions to standards. The relevant draft law may be considered as early as September. Business fears that implementing the plan will lead to increased costs for the restructuring of information systems. Criminal liability for violating the secrecy of correspondence and destroying corporate information
The Oktyabrsky District Court of Ufa handed down a verdict in a criminal case against a former employee of the company. He was found guilty of committing crimes under Part 1 of Article 138 of the Russian Criminal Code (violation of the secrecy of correspondence) and Part 2 of Article 272 of the Russian Criminal Code (unlawful access to legally protected computer information committed out of self-interest). The court found that in November 2023, a man who previously worked as a system administrator remotely copied the email correspondence, contacts, and personal data of the general director and corporate information containing trade secrets and destroyed them. The defendant pleaded guilty to the crimes. The court sentenced him to a fine of 120,000 RUB (approximately 1,364 USD or 1,268 EUR). The verdict does not contain information about the company filing a civil claim in criminal proceedings to compensate for damages caused as a result of the destruction of corporate information. Question > Can the data controller be subjected to administrative liability during the moratorium on inspections? Position of the 8th Court of the General Jurisdiction (Case No. 2a-2919/2022) > If a violation is revealed during the consideration of materials received, including from a citizen, Roskomnadzor may conduct an inspection and initiate an administrative offence case or refuse to initiate it.
05 July 2024
Concise and to the point with ALRUD: HR & DIGITAL (№9)
Ban on foreign information security services from “unfriendly” jurisdictions
Decree No. 250 of the Russian President dated 1 May 2022 “On Additional Measures to Ensure the Information Security of the Russian Federation” previously imposed restrictions on the use of foreign information security means. In particular, government authorities, state corporations, systemically important organizations, and subjects of critical information infrastructure (“CII subjects”) are prohibited from using information security means as of 1 January 2025: - Originating from “unfriendly” states; - Or from manufacturers that are organizations under the jurisdiction of “unfriendly” states, directly or indirectly controlled by them or affiliated with them. Decree No. 500 of the Russian President dated 13 June 2024 extended the scope of the ban: as of 1 January 2025, government authorities, state corporations, systemically important organizations and CII subjects are also prohibited from using cybersecurity services (work or services) from companies from “unfriendly” states. If your company belongs to government authorities, state corporations, systemically important organizations or CII subjects, we recommend that together with IT you conduct an audit of software and IT services used for HR, accounting and personnel management purposes in order to ensure timely compliance with the requirements of the above-mentioned presidential decrees. A 14th package of sanctions, including IT restrictions, has been imposed against Russia
The USA has significantly expanded sanctions against Russia, with new restrictions affecting financial infrastructure, cloud services and information technology. The USA will ban a number of software and IT services as of 12 September 2024. The US Department of the Treasury, together with the State Department, issued a special decree with the following restrictions: - It is prohibited to provide any person in Russia with design services and IT consulting services; - It is prohibited to supply cloud technology and IT support services for business management, as well as design and manufacturing software. Russian companies using such software for HR purposes may consider the following courses of action: - Change the vendor, which will allow them to continue using the software in Russia; - Localize relevant HR processes. Exemption from liability for personal data leaks due to the insignificance of the offence
During the ‘I Give My Heart to Children’ Russian Professional Skills Competition for Continuing Education Employees, there was a technical failure that led to the brief publication (three minutes) of information about a personal data subject on the competition website. The subject’s passport details, registration address, telephone number and email address were published, all of which constitutes personal data. In court, the data controller pointed out that the incident was caused by a technical malfunction in the service, third parties did not gain access to the personal data since the violation was eliminated as soon as possible, and no damage was caused to the subject of the personal data. The Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, (Roskomnadzor) reported that it did not receive any complaints about the data controller as a result of the incident. In accordance with the law, the data controller sent a notification about the leak of personal data. A justice of the peace of the Danilovsky District of Moscow (Case No. 05-1415/456/2023) ruled that the data controller had failed to ensure the confidentiality of personal data and had not prevented unauthorized access to it by third parties, and qualified the offence under Part 1 of Article 13.11 of the Code of Administrative Offences of the Russian Federation. However, since the court had no evidence that information about the personal data subject had been copied, obtained or used by third parties to violate its legally protected rights, including through the competition website, the court relieved the data controller of administrative liability due to the insignificance of the offence and limited itself to a verbal reprimand.
25 June 2024
ALRUD Labour and Employment Practice provides comprehensive out-of-court legal support to one of the largest Russian energy companies
Within a complicated labor dispute involving a middle-level employee, the ALRUD team offered the client comprehensive out-of-court legal defense. The project involved the development and adjustment of the legal position for a client who was representing themselves in court. We made it a priority to address any inconsistencies and violations attributed to the employee, while also preparing a strong defense against claims for a substantial bonus payment. During a series of strategy meetings with the client, we provided insightful commentaries and valuable recommendations on how to proceed in court. Through this collaboration, the company was able to enhance its defense strategy, identify strong justifications for disciplinary sanctions, and ultimately protect its position with success. The project presented a challenge in dealing with numerous infringements and violations, some of which exceeded the usual procedural terms. The non-financial audit performance was carefully analyzed to determine the validity of any violations, with a strong focus on the legal aspects. The project was crucial for the client as it helped them avoid paying a substantial bonus and default interest, which could have greatly increased their financial expenses. In addition, the company's strong confirmation of the legality of the disciplinary sanctions has further solidified its position in terms of corporate governance. ALRUD team working on the project included Partner [Irina Anyukhina](https://www.alrud.com/people/IrinaAnyukhina/ 'Irina Anyukhina') and Senior Associate [Margarita Egiazarova](https://www.alrud.com/people/MargaritaEgiazarova/ 'Margarita Egiazarova').
24 June 2024
Concise and to the point with ALRUD: HR & DIGITAL (№8)
The State Duma will consider a draft law on the possibility for the plaintiff to receive personal data (“PD”) of the defendant
Amendments are planned to be made to the Civil Procedure Code of the Russian Federation. It is proposed to grant the plaintiff the right to file a motion to the court for assistance in establishing information about the defendant, which is necessary to file a claim in court, but the plaintiff does not have. In addition, if the law is adopted, the court will be able to independently determine the ist of data about the defendant necessary to accept the claim. More than half of the surveyed small and medium-sized businesses are not ready for tougher sanctions for PD leaks
Less than half of Russian companies (44%) from the SMB segment have managed to review their PD protection measures against the background of possible tightening of sanctions for their leaks. 50% of companies have not even studied the amendments in detail, and some do not plan to strengthen protection at all yet. Some of the respondents (45%) expect to strengthen protective processes “within a year”, another 8% - “in the next six months”. There are also those (4%) who do not plan to review the protection at all yet. At least 32% of SMB respondents are concerned about reputational risks from sanctions. 68% of respondents are concerned about financial losses, including from the imposition of fines. It is noteworthy that only 43% of respondents have conducted an audit of PD processing processes over the past 3 years, 11% conducted an audit more than 3 years ago. Almost a quarter (21%) have never conducted an audit at all. 25% of the respondents could not give an answer to this question. We remind you that the draft laws on administrative and criminal liability for PD leaks are planned to be finally considered this spring session of the State Duma. Regardless of the adoption of these bills in this session, we recommend that data controllers be prepared to tighten liability for PD leaks. To this end, companies should conduct an audit of PD processing processes and an IT security audit. A draft law on the right of the Federal Tax Service to transfer information that constitutes a tax secret to interdepartmental commissions has been adopted in the first reading
According to the new law on employment, interdepartmental commissions on combating illegal employment will be created in the regions of the Russian Federation. They have the right to receive from various authorities, including the tax service, PD and information constituting a tax secret. They want to extend the effect of the tax secrecy regime to cases where the tax authorities transfer relevant information and information to interdepartmental commissions of the subjects of the Russian Federation and territorial bodies of the Federal Service for Labour and Employment (Rostrud). Following the results of the prosecutor's office's inspection, the DPO of the company was brought to administrative liability
The Prosecutor's office of the Kirovsky district of Saratov conducted an inspection of compliance with legislation in the field of PD protection in a medical company. During the supervisory activities, together with a specialist of the Roskomnadzor Department for the Saratov region, a fact of illegal dissemination of a database containing PD of clients, in particular phone numbers and full names, was revealed. According to this fact, the district prosecutor's office initiated an administrative offense case under Part 1 of Article 13.11 of the Administrative Code of the Russian Federation against a responsible official of a medical company. According to the results of the consideration of the case, the DPO was sentenced to an administrative fine in the amount of RUB 10,000 (approx. USD 112, EUR 103). Question > Can an employer track the location of employees through their personal smartphones?Can an employer track the location of employees through their personal smartphones? Answer from Rostrud > The employer has the right to monitor the employee through an application in a mobile phone, if this is related to the performance of job duties. We additionally note the need to obtain the consent of employees to track and process PD.
06 June 2024
Irina Anyukhina prepared a review for the IBA GEI Annual Global Report
The International Bar Association Global Employment Institute (IBA GEI) published its 12th annual global report on general international trends in human resources law with examples from 54 countries. [Irina Anyukhina](https://www.alrud.com/people/IrinaAnyukhina 'Irina Anyukhina'), Partner of ALRUD Labour Practice, covered a block of issues related to current regulatory trends and developments in Russian labour and migration law, including artificial intelligence, flexible working, alternative workforce, unions, labour disputes. The global report can be found [here](https://www.ibanet.org/document?id=IBA-GEI-Twelfth-Annual-Global-Report-May-2024 'here').
27 May 2024
ALRUD Labour Practice holds an HR club dedicated to financial liability of employees
On 22 May 2024 ALRUD hosted face-to-face meeting of HR-Club on the topic: “Financial liability in labour relations: a dialogue on the eternal”. The following experts from ALRUD Labour Practice participated in the discussion: [Irina Anyukhina](https://www.alrud.com/people/IrinaAnyukhina/ 'Irina Anyukhina'), Partner, [Maria Nevezhina](https://www.alrud.ru/people/MariaNevezhina/ 'Maria Nevezhina'), Senior Associate, PhD in Law, [Ekaterina Bronitsyna](https://www.alrud.ru/people/BronitsynaEkaterina/ 'Ekaterina Bronitsyna'), Associate. The participants discussed how to bring an employee to financial liability effectively and safe for the company; how to recover damages; how to document the procedure so that even the most demanding court would take the employer’s side; how to bring top-management to liability without reputational losses. *ALRUD HR-Clubs are held in the format of live discussion, exchange of views, and dialogue between business and lawyers. Dialogue between legal counsels and practitioners makes the event the most useful for all the club members.* *If you or your colleagues would be interested to participate, we invite you to join the discussion. Please address all the issues concerning participation to Senior Marketing Manager Anna Glukhova: aglukhova@alrud.com* ![](/upload/Photo_News/2024_NewsPhoto/2024_Small_January_June/22_мая_hr_клуб.jpg)
27 May 2024
Concise and to the point with ALRUD: HR & DIGITAL (№7)
The Federation Council clarified how the Russian Digital Code will look like
Work on the Digital Code, which will become the basis for legal regulation of relations in the field of information and digital technologies, will take at least another year, and a significant part of the future document is planned to be devoted to the protection of personal and biometric data. The structure of the Code reflects two parts – general and special: - the general part will list the basic concepts, terms, principles, subjects and objects of law, that is, all that is called the conceptual apparatus; - in a special part – specific types of state and social institutions, types of legal relations and ways of their regulation. Separately, the Federation Council noted that the special part involves three large sections: issues of communication, information and personal data protection. We recommend that employers monitor the development and adoption of the code, as it can have a direct impact on digitized HR processes in companies. Participants of JSC and LLC at online meetings will be identified by electronic signatures or biometric personal data
Draft amendments to the laws on JSC and LLC have been prepared for the second reading in the government bill (No. 103501-8). Initially this document was devoted to another issue: it provided for the possibility of the JSC to suspend the sending of correspondence and payment of dividends to shareholders who have not contacted the company for more than two years (the so-called lost shareholders). It is proposed to use a choice of five options when identifying a participant in online meeting: enhanced qualified electronic signature, enhanced unqualified electronic signature, personal data from the Unified Identification and Authentication System (ESIA), as well as information from the Unified Biometric System (EBS). At the same time, non-public JSC will be able to deviate from the rules set out: specify in the charters other ways to reliably identify persons taking online participation in the meeting and ways to sign ballots. The bill also regulates the general rules for online meetings. For example, such a format should provide for broadcasting, and the company is obliged to keep a record of it. If there are significant technical problems that make it impossible to hold a meeting, the vote is declared invalid. Question > Should the Data Protection Officer (DPO) be directly subordinate to the General director?Should the Data Protection Officer (DPO) be directly subordinate to the General director? Answer from Roskomnadzor > The DPO receives instructions directly from the executive body of the organization that is the data controller and is accountable to it.The DPO receives instructions directly from the executive body of the organization that is the data controller and is accountable to it.
23 May 2024
Pravo-300, 2023 recommends Irina Anyukhina for Labor and migration law, Compliance.
Best Lawyers 2022 recommends Irina Anyukhina for Labor and Employment Law, Privacy and Data Security Law, Construction Law, TMT (telecommunications, media and technology), Intellectual Property Law.
Chambers Europe, 2021 recommends Irina Anyukhina for Labor and Employment Law.
The Legal 500 Europe, Middle East & Africa 2021 recommends Irina Anyukhina for Labor and Employment Law.
Who’s Who Legal,Thought LeadersThought Leaders - Labour & Employment 2021 and Global Leader Labour & Employment 2021 and Pensions & Benefits 2021 recommends Irina Anyukhina as a leading practicing lawyer.
We use cookies to offer better performance of the website and fulfill some other purposes specified in the Privacy Policy. By way of ticking the box you provide your consent to use of cookies. Otherwise, we will only use technical cookies, which are necessary for proper functioning of the website.
Accept