Data Protection – Russia’s solution to a global problem

Data Protection
28 September 2015
By The Say Team
No Comments

Data Protection – Russia’s solution to a global problem

 

As communications professionals we’re taking a keen interest in the EU General Data Protection Regulation which looks set to be put in place by the end of the year. After all it has significant implications for how we process and store our customers’ personal data.

However, in the interim Russia has adopted its own new Data Localisation Law that went live on 1 September. If you work for an international business with a physical presence in Russia, or have websites “directed at” Russian users, then you need to take heed of it.

Here’s a brief summary of what you need to know.

 

The legislation at a glance

The rules state that when you collect data about Russian citizens you must store it on a database in Russia. This doesn’t have to be the exclusive location for processing it. It is sufficient that the Russian database is your primary or “entry-level” database.

You can export the data outside Russia subject to compliance with the usual data protection export rules which will require individual consents and transfer agreements.

 

How is it enforced?

The Russian data protection authority Roskomnadzor can impose penalties for non-compliance, though the fines are relatively low.

However, more significantly it can — punish those failing to comply by blocking the websites used to collect or process Russian citizens’ data.

It therefore has the potential to cause significant disruption to any business that relies on a strong online presence.

 

How should you respond?

  1. Act now to ensure you are not caught out. Big international companies such as Ebay, PayPal, Lenovo, Samsung, Booking.com and Uber have already moved their Russian users’ databases to Russian locations.
  2. Consult your IT team to ensure your database architecture can be changed to fit within the new regulation.
  3. Map the way in which you collect and store data about Russian citizens as well as the location of relevant databases. That way you’ll be prepared if you are ever called on to demonstrate compliance.

National or even Europe-wide regulation will always struggle to keep up with the pace of technological change. It could also be argued that it is impossible to apply a regional solution to global data protection issues.

However, it’s important to take the new regulations seriously as attitudes to data protection are hardening and there could be serious consequences for failing to comply.

 

Written by Mayya H.

Comments

Related posts

16
Oct
Say security poll reveals biggest threat to cybersecurity is WFH devices
By The Say Team
No Comments

The pandemic has transformed many aspects of our lives and businesses have been a focal…

05
Jun
Lessons from the TalkTalk Data Breach – Baroness Dido Harding’s Perspective at Infosecurity 2018
By The Say Team
No Comments

Today in her InfoSecurity 2018 keynote, the ‘View from the Board: A CEO’s Perspective on…

Recent Posts

Recent Comments

We are an independent, award-winning communications agency