Deadline for Russia’s Data Localization Law

Russian Data Center & Cloud Market Update – Addressing Russia’s Data Sovereignty Laws

ARE YOU IN COMPLIANCE WITH GLOBAL DATA SOVEREIGNTY LAWS? RUSSIA, TURKEY & OTHERS?

Russia's Data Localization Law

If you’re providing services to people in Russia, store some personal data, and are not an airline, you have until September 1, 2015 to move that data to a Russian co-lo or cloud provider or face fines and a block on your domain. This is not a trivial proposition – there are few Western providers operating in Russia, and in addition to the usual risks associated with outsourcing, all suppliers face a highly active regulatory regime as well as potential impact of corruption, sanctions, and capital flight.

Through local knowledge and deep due diligence, RampRate has identified the safest options for hosting Russian data locally, so even if you’re behind on your localization, you can quickly execute a well-negotiated deal and get in compliance. Set up a call with our Russia expert to find the right provider. And while you’re at it, get ready for a wave of localization initiatives to come in places ranging from India to the EU with RampRate’s site selection tool, which shows you where you need to host to maximize reach and minimize costs and risks.

New Russian law affects all enterprises which store data of Russian citizens

Russia is the latest in a string of nations aiming to localize the data about its citizens.  On September 1, 2015 its Federal Law No. 242-FZ referred to as the “Data Localization Law” is going into effect. This law impacts all companies (domestic or foreign alike) operating in Russian markets and requires that:

  1. All servers and databases used to record, systemize, accumulate, store, amend, update and retrieve personal data of Russian citizens be physically located in Russia
  2. Companies must notify the Russian data protection authority (Roskomnadzor) of the servers’ location(s)

At this time Russian authorities estimate that there are 2.6 million enterprises globally that store the kind of user data identified by Russia’s new law. While an exception has been made for the airline industry, compliance with this law is a must for all others who wish to maintain business continuity in Russia so as long as their operations require the storage of personal data of Russian citizens whether its customers, employees, or other. 

Companies that violate the data localization law will be listed in a register of violators, subject to a fine, have their domains blocked, and for continuous failure to comply may become subject to criminal liability.

Challenge: Migration and hosting of personal data in Russia

Once a decision to comply with the Data Localization Law is made, the immediate task is to choose the right solutions provider that will host firm’s data in either a colocation facility or a cloud based solution. A typical challenge that firm usually faces when sourcing such infrastructure services is to find the best fit provider who will ensure both the lowest operational risk and offer its best-in-class market pricing.

This task is even more complex when dealing with today’s Russia. A firm now has to address additional risk factors that arise as result of the current geopolitical environment in Russia. Firms (and its clients) want the comfort of having chosen a solutions provider that is best positioned to adequately protect the sensitive personal data, not cause any reputational damage, and maintain continuity, i.e. survive despite the unique challenges that Russian government can impose.

RampRate Offers Keys to Compliance with Russian Law

RampRate helps companies to maneuver the complexities of the Data Center and Cloud markets globally. RampRate’s SPY Index will enable an enterprise to quickly identify the best-fit data hosting provider in Russia. All major market players are evaluated using hundreds of criteria to provide a complete view into:

  • Provider Risk (based on business, financial, political, and reputational risk)
  • Contract/SLA Strength
  • Facility attributes
  • Pricing
  • Available Capacity, and others

Beyond Russia

Russia’s Data Localization Law

The EU, India, China, South Korea, Brazil, Malaysia, Indonesia, Vietnam, and others are among a growing list of countries who have either already implemented data localization laws, or are currently evaluating various measures which would toughen their data privacy laws.

RampRate has the necessary knowledge and tools to help your organization maneuver the most effective and least disruptive path to complying with these new data center laws in any country.

Whether you are seeking an understanding of how to ensure compliance with laws impacting your data center strategy or undertaking a sourcing exercise RampRate will be your most valuable asset in this new world of data regulation.

Data regulation compliance and migration can be overwhelming and costly — don’t go at it alone.


Co Author Lenna Boatwright – Client Engagement for Sovereign law projects.

Learn More

Leave a Reply