Russia is a largely untapped market for many major international companies despite having a top-10 global population and a top-15 economy. As new and emerging companies seek to enter the market and make an impact, they’ll find that expansion can be delayed for a number of reasons, but one of the more current reasons is data protection.
Data protection legislation has taken off in every corner of the world over the past few years, but Russia was early to the issue, passing its own bill, Federal Law 152-FZ On Personal Data, back in 2006. The law was further amended in 2014 to buttress data localization. Although other countries like China and now Saudi Arabia have airtight requirements where regulated data can more or less never leave the country, Russia does allow data to go abroad provided the requirements of 152-FZ are met. Companies and organizations that process data need to keep a copy of regulated data—PII concerning Russian citizens—stored within Russia. A copy of that info can be sent abroad, however it cannot be sent to the United States given that the country is neither a signatory to the Council of Europe’s Convention for the Protection of Individuals nor a country Russia’s data protection body, Roskomnadzor, deems to have adequate data protection.
This is particularly pressing for companies looking to use popular SaaS apps like Salesforce, Veeva, and Cegid within Russia, none of which have the ability to comply with 152-FZ since they do not have instances to store data within the country. While organizations could build their own compliance stack inside Russia to gain compliance and use a global SaaS app without problem, that is a costly and resource-consuming process most would like to avoid.
Of course, the entire scope of Russia’s data protection regulations goes behind a summary of a single law, which is why we here at InCountry have put together an in-depth eBook covering the topic. From every major piece of legislation on the topic and domestic cloud service providers to precedents of fines and penalties and how compliant companies are able to use their own homegrown applications or SaaS applications within the country, we’ve gone deep to provide businesses with the ultimate resource for consumption before they enter the Russian market.
You can get the eBook here.