Monday, 12 October 2015
Personal Data Storage in Russia – the canary in the coal mine for cloud?
The new amendment to the Information Law No. 242-FZ forbids storage of Russian citizens’ personal data outside of Russia. The change has posed new challenges to many foreign and domestic companies which already store their users’ data in borderless clouds.
According to the Russian authorities, up to 2.4 million companies are affected. Despite the fact that Russia is the largest (80 million users) and fastest growing Internet market in Europe, the country has suffered from negative media spin in the past regarding strict online censorship. However the larger picture - data sovereignty, is becoming a global trend and is creating a seismic shock in the cloud industry. In Canada the government requested Microsoft to store its sensitive data locally; or Spain where the government is looking at locations where personal data of its student body is held. Perhaps Russia is at the forefront of the movement, which would explain some uncertainties still contained within the law. Nevertheless businesses should not view the new government restrictions as impenetrable, but rather look at the ways in which technology can enable them to continue their relationships with the fastest growing online market in Europe.
One of the easy solutions is enlisting the help of an MSP so that companies can host their data in Russia, while leaving the rest of their operations uninterrupted. The benefit of cloud technology means that hosting data abroad is a much smoother process than it was even just a few years ago. By enabling organisations to host data in different parts of the world, they are able to serve a truly global customer base while complying with regional data laws. For larger projects there are now a number of trustworthy and professional data centre operators in Russia, already providing service to many multinationals.
The local Russian regulator, Roskomnadzor, has been very accommodating working with international players who might need extensions on time in order to fully comply, however failure to start a dialogue and ignore the legal changes can prove to be disastrous with many websites shut within first week.
IXcellerate is a local Russian data centre operator - with its headquarters in London. Here are IXcellerate’s suggested 5 simple steps to help companies to start with an effective compliance process:
1) Engage with Roskomnadzor if you have not already. If you have only started to look at the compliance, it is strongly advised to start a dialogue with Roskomnadzor. If you can show a current Russian datacentre contract it is likely you will be given an “extension to comply”.
2) Find a reliable local partner to assist you with the process and involve the head office team in the selection process. The personal data processing trend is not about to change, as governments are becoming more and more occupied with this topic. The choice of a local reliable partner has a strategic meaning: changing this decision will be hard and costly in the future.
3) Use existing import channels to move equipment. Usually your Russia-based data centre will have a number of reliable and previously tested partners to recommend. These should be large local business integrators, or international suppliers who have a dealer network in the country.
4) Manage complexity by transparent communication: make sure there is full understanding of the installation design by all parties involved. Language barriers and complex terminology can create major problems between client and contractor in this regard.
5) Don’t forget about after-migration support: the data centre team and other participating parties should be on stand-by after launch. A properly-run data centre will have client service thoroughly specified with procedures, documentation, a 24-hour bi-lingual emergency telephone line in place and an online ticketing system to track status.
Guest blog written by Guy Willner, CEO of IXcellerate
Contact: Anna Kazaeva email@example.com