On August 22nd 2017, the Russian data protection authority, Rozcomnadzor, issued an order revising notice requirements for companies processing personal data.
The order requires companies to give advance notice of personal data processing. The notice must include:
- Information on security measures used to prevent data breaches;
- Intention to transfer data out of Russia, and to which countries;
- Confirmation of compliance with law requiring the data of Russian citizens to be stored on servers located within Russia.
A new notification form is available for companies to provide notifications to Rozcomnadzor.
Originally published 15 September 2017
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.