Personal data inspections in 2026: the NCPDP has published the plan
The National Centre for Personal Data Protection (NCPDP) has published the schedule of planned inspections for 2026.
The plan includes 10 operators (authorised persons) carrying out large-scale processing of personal data across various sectors. The Centre notes that, in 2026, during inspections the emphasis will be placed on assessing compliance with personal data legislation by authorised persons.
The inspection plan for 2026 can be accessed via the link.
Important to consider
In addition to planned inspections, the NCPDP is entitled to carry out:
- desk (off-site) inspections;
- unannounced inspections — where there are statutory grounds.
In the context of such inspections, an assessment is made of whether business processes comply with the requirements of personal data legislation, rather than merely whether documents are formally in place. The NCPDP also regularly publishes on its website clarifications and methodological materials intended to assist operators (authorised persons) in complying with the legislation; these materials may be used as a reference point during inspections.
What we recommend doing already now
REVERA’s team of lawyers has developed a personal data protection checklist which helps:
- identify basic risks in personal data processing workflows;
- assess the company’s readiness for inspections;
- determine areas requiring improvement before regulatory oversight begins.
| The checklist does not replace a full internal audit and legal advice; however, it is an important first step in assessing whether processes comply with legislative requirements. If your company processes personal data in significant volumes, we recommend checking readiness for inspections in advance and, where necessary, seeking professional support. |
Authors: Liudmila Epikhova, Aleksandra Maglysh.