Russian legislation requires both Russian and foreign companies (including their representative/branch offices) to switch to databases and servers located in Russia for processing the personal data of Russian citizens.

Companies implementing these requirements will face a number of issues such as: criteria for determining the term “personal data”; proper order of database transfer from foreign servers to Russian servers; transmission of personal data processing to a company – partner; validity of current data processing abroad.

These and other questions must be resolved as companies that violate these new requirements will face administrative and criminal liabilities including possible inclusion into the register of violators. Moreover, in the event of violation of the rules associated with the processing of employees’ personal data, companies might receive disciplinary action.

WatersOAG provides legal advice regarding the processing of personal data, as well as effective assistance with implementation of the legislative requirements and resolution of various related issues.

How we can help:

• Audit of personal data processed by the company in order to identify those which fall under the applicable definitions and limits established by Russian legislation
• Assistance defining optimal solutions for personal data processing subject to Russian law
• Consultation on the implementation of new legislative requirements in order to minimize company risk
• Development of procedures related to local acts associated with processing of personal data taking into account the requirements of supervisory authorities
• Development of the appropriate consents, agreements and/or supplementary agreements required for cooperation with the owners of personal data and partners
• Other related services

This post is also available in: Russian