localisation requirement

Russia’s data protection authority, Roscomnadzor, has held a number of meetings with business associations to respond to the wave of questions that have arisen about the interpretation and application of Russia’s personal data localization law.

The law, which enters into force on September 1, 2015, requires that an operator, while collecting personal data, ensures the recording, systematization, accumulation, storage, rectification (update, change) and extraction of Russian citizens’ personal data using databases located in Russia.  The meetings sought to address at least two key concerns — whether data stored locally could also be transferred outside of Russia, and the reach of the law’s jurisdiction.