Universal Article/Blog/News module
The Russian Data Localization Law: What You Need To Know To Be Compliant
The 21st century is all about the internet and data transfer. With an increase in the number of internet users globally, e-commerce has become a big market and largely contributes to GDP. Most businesses have shifted their interest from the local market to the international market by using e-commerce platforms to increase marketing of goods and services. This helps them generate more significant revenue in lesser time. An important factor here is cyber-security and keeping a check on how and when data is being transferred and for what reasons.
Government and official authorities play a significant role by keeping checks and balances on data collectors, especially companies operating outside the particular country. Many countries have introduced Data Localization Law, including Russia.
In early July 2014, The Russian Federal Act on Data Protection was introduced to ensure Russian citizens' security and data collected by different businesses. Initially, the law was to be enforced by Sep 1, 2016. However, on Dec 21, 2014, Russian President Vladimir Putin signed the law to be implemented by Sep 1, 2015. According to this law, all domestic and international companies collecting customer data and store it in Russian servers only.
This article is an overview of the "Russian Data Localization Law," with its focus on helping you to assure compliance with the law if you wish to become part of the Russian Business Market.
Before moving forward, let's understand what localization means and what is the purpose of data localization?
Generally,"Data Localization Law," also known as "Data Sovereignty law," is a method to ensure the security of any country's citizens. It ensures that any data collected in a particular country be processed and stored within the borders and physically located before it is transferred internationally. Businesses and companies which collect personal data of their users or buyers from a particular country need to have servers within the territory.
Countries Following Data Localization Law
Russia is not the only country to amend any law regarding collection and data transfer. Several countries follow data localization laws, such as China, Canada, Japan, Malaysia, Indonesia, and Nigeria, with slight law variations. In Canada, personal information held by certain public entities must be stored and accessed within Canada only. According to Nigerian Data Localization law, no government data can be transferred outside Nigeria. Indonesia does not allow entities serving in the "public service sector" to share data across the border. In contrast, none of these countries forces businesses to set up their physical servers within a country like Russia.
Thing You Need To Know About Russian Data Localization Law
International Companies Must Obey the Law
Russia is the second smallest country in terms of population after South Africa, where people and their purchasing power are considered the strongest among BRICS.
For those outside the Russian borders, the law is equally important and requires compliance when collecting Russian citizens' data. The Russian Data Protection Authority included Address, Contact number, location, IP address, identification number, etc., in the list of personal information.
International companies must also purchase a Russian domain name with the Russian language on its websites. The organization needs to accept payment in Russian currency, i.e., RUB, including the goods and services delivered in Russia. Those companies who were not physically located in Russia or do not have any physical form also need to set up their servers physically in Russia if they want to continue their business in the Russian market.
A question here arises.
What about companies that had collected data before the amendment of the Russian Data Localization Law?
If you exist among one of those companies who are not currently accessing any private customer data or had collected data before, are not in operation now can consider this as good news. No domestic or international business is bound to set up servers in Russia for data collected before the amendment of Russian Localization Law unless they want to make changes or update the data. The law allows companies to share data internationally after setting local servers by following Russian law.
In Case Of Violating the Law
Initially, when the law was introduced, the Roskomnadzor (Russian Data Protection Authority) was not given the authority to impose any meaningful penalty upon the Data Localization Law's violence. They only had authority over blocking the websites, which were noncompliance.
However, On Dec 2, 2019, a new law was introduced in Russia to ensure that individuals and authorities respect data Localization Law. Under this new law, both legal entities and responsible managers (CEO and data transfer manager) are fined in case of the law's violence. The fines for violating the law can be between USD 16,000 – USD 96,000, increasing to USD 288,000 for repetitive offenses.
The response of Businesses and Companies
One of the many reasons for making local server set up mandatory, is that the Russian government wants to generate capital for its private sectors by making companies invest and increase their business budgets. The server set up cannot be done without having a physical presence in the country. All these requirements are not easy and cheap to compliance. In response to which many companies have left the Russian market.
It is challenging to analyze the number of positive or negative effects of Data Localization Law on the Russian market to decide whether it is a right or a wrong decision. Until now, the pros and the cons are parallel to each other. The law has made it easy for the government to assure national security. On the other hand, businesses seem to hesitate from the increasing cost because of maintaining local servers. It looks like the law is acting as a barrier for these companies to enter and entertain the Russian market.
CBT Mass Email Sender provides all the services related to email marketing.