Executive Summary: Employers in Russia
and companies doing business in Russia should be prepared to comply
with recently enacted requirements governing storage and processing
of the personal data of Russian citizens, which are designed to
provide additional protection for this data.
Over the last few months, we have started to see a trend in
Russia towards greater protection of personal data of its citizens
and greater attention to data privacy.
One major step in providing added protection was the
implementation of new localization requirements for Russian
Effective September 1, 2015, data controllers processing
personal data of Russian nationals are now required to initially
store and process the personal data in databases located in
Personal data of Russian nationals can still be transferred
abroad, but only after first processing such data into the primary
local Russian database(s) and subject to compliance with Russian
cross-border transfer rules.
These new data localization requirements cover both Russian and
foreign companies with a presence in Russia. These
requirements will also apply to foreign companies that have no
presence in Russia but target the Russian market, e.g. online
retailers shipping goods to Russia.
Data controllers with a presence in Russia must also disclose
the location of the database(s) in a notification form to be filed
with the Russian Data Protection Authority.
These new localization requirements became effective just in
time for the Russian Data Protection Authority's
('Roskomnadzor') announced plan for increased inspections
in 2016 aimed at checking compliance with data privacy legislation,
including the new localization requirements.
Altogether, Roskomnadzor intends to conduct over 1,000
inspections of companies in the e-commerce, banking, automotive,
cosmetics and IT industries. A list is published of the
companies that will be inspected, though the list only includes
The inspection involves a review of all the internal
documents and policies required to be in place as well as the IT
documents that will demonstrate compliance with the data protection
laws, including the new data localization requirements.
Key Takeaways: Employers in
Russia and any company doing business in Russia should be sure to
review their policies and procedures for processing and storing
individuals' personal information. The new localization
requirements may require companies to overhaul their policies and
procedures to comply with the new requirements. With the
increased inspections by the Data Protection Authority, it is
recommended that companies not only review their policies and
procedures for compliance with the localization requirements, but
also Russia's data protection requirements as a whole, and do so
sooner rather than later.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.