In November 2014 we reported on proposed changes to the Russian Data Protection law which amongst other things will restrict the processing of personal data on servers located outside of Russia.
The law was intended to take effect on 1st September 2016 but we understand has recently been rescheduled to an effective date of 1st September 2015.
Businesses that process personal data either as a data controller or a data processor in Russia must ensure that such personal data that relates to Russian citizens will be stored on servers in the Russian Federation.
Whilst the law does not apply to processing of employee data of Russian employees of an international company the implications of the law and any penalties for non-compliance means that businesses with operations in Russia must begin planning for compliance with the law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
