Russia brings forward restrictions on Personal Data Processing
27 January 2015
In November 2014 we reported on proposed changes to the Russian Data Protection law which amongst other things will restrict the processing of personal data on servers located outside of Russia.
The law was intended to take effect on 1 September 2016 but we understand has recently been rescheduled to an effective date of 1 September 2015.
Businesses that process personal data either as a data controller or a data processor in Russia must ensure that such personal data that relates to Russian citizens will be stored on servers in the Russian Federation.
Whilst the law applies to processing of personal data relating to Russian citizens, we understand that when it comes to staff data of multinationals that have operations in Russia, whilst the staff data must be stored on a Russian server, it does not prevent it being shared within the corporate group for the purposes of managing the employer/employee relationship.
It must also be remembered that subject to limited exemptions, Russian businesses that process personal data may need to register with the Russian authorities and in such circumstances appoint a data protection officer.
The implications of the law and any penalties for non-compliance means that businesses with operations in Russia must begin planning for compliance with the data protection laws and data retention laws now.
This article was written by Robert Bond.
For more information contact Robert on +44 (0)20 7427 6660 or firstname.lastname@example.org