Russia's data protection authority, the Roskomnadzor, has
recently announced its intention to increase the number of data
localisation audits it carries out in 2016. It has pledged to
conduct around 1,000 data localisation compliance audits and 2,000
monitoring procedures in a bid to check whether businesses are
meeting their obligations under data localisation law.
Russia's data localisation law came into effect 1
September 2015. It requires that all companies that collect or
process personal data of Russian citizens, process and store that
information on servers in Russia. Companies also have an obligation
to notify the Roskomnadzor of the location of such servers.
In a statement published 7 September 2015, the Roskomnadzor
confirmed that the regulation applies to any company collecting
personal data from Russia, regardless of its place of
incorporation. This means that foreign companies fall under the
scope of the regulator's audits.
It is believed that the compliance audit checks will have an
increased focus on transnational companies, as they will now have
had time to ensure compliance with the law. The Roskomnadzor had
previously carried out around 300 audits by the end of 2015,
focussing mainly on domestic companies.
Although the law has been in force for some time now, some
uncertainty remains as to the full extent of enforcement action
that may be taken against non-compliant companies. The head of the
Roskomnadzor, Alexander Zharov, has given some guidance suggesting
that the regulator could be given powers to block non-compliant
websites without court orders, and declare domain names
Despite this uncertainty, it is clear that companies will have
nowhere to hide as the Roskomnadzor gears up for a busy year of
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Brexit will have fundamental implications for the UK data protection regime. Until Brexit takes place, there will be a period during which its precise form and implications for UK data protection laws are not clear.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
The EU Commission has now formally adopted the EU-US Privacy Shield arrangement for the legal transfer of personal data from the EU/EEA to the US.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).