Russia enacts data localisation requirement
Data privacy at your fingertips
The Russian data protection landscape has seen some important developments in the past couple of months with the signing of a new Law No. 242-FZ “On Amendments to Certain Laws of the Russian Federation in Order to Clarify the Procedure for Personal Data Processing in Information and Telecommunications Networks”
The new Law No. 242-FZ “On Amendments to Certain Laws of the Russian Federation in Order to Clarify the Procedure for Personal Data Processing in Information and Telecommunications Networks”, which is expected to enter into force on September 1, 2016 (though, it cannot be excluded that earlier effective date will be approved). The main changes include the obligation of data operators to ensure while collecting personal data that recording, systemisation, accumulation, storage, clarification (updating, modification) and retrieval of Russian citizens’ personal data is to be conducted in databases located on the territory of the Russian Federation. While data operators failing to comply with the new law risk having their websites blocked in Russia and being listed in the Register of Personal Data Rights Violations, Russian experts believe that it will still be possible to transfer personal data abroad.
The current version of the new Law applies to all companies carrying out business activities in Russia that involve processing of personal data of Russian citizens, regardless of whether they have a physical presence in Russia. In practice, this mean that any foreign social networking, online shopping and other types of websites that receive information about Russian citizens will be required to install servers in Russia, and store or process information about Russian citizens only by using servers located in Russia. Deloitte Belgium is following the developments of this new legislation closely in collaboration with its Russian local experts and will keep you abreast of the follow-up.