International companies are trying to get involved in the Russian market, but there are barriers to entry, including data protection regulations. Russia takes its data protection, predominantly legislated by federal laws No. 152 FZ and 242 FZ, quite seriously. As evidenced by Russia continually fining tech giants like Google, Facebook, and Twitter for noncompliance, any company with plans to do business in the country should have to achieve compliance at the top of their priority list.
In short, for international companies to enter the Russian Federation without any delay, their operations and systems, whether SaaS or otherwise, need to be compliant. This article will focus on SaaS because the industry has become a critical component of any business operation over the past two decades. Salesforce, in particular, as the largest SaaS provider in the world, is of particular interest.
Data Localization Regulations in Russia
The data residency abilities within the native Salesforce system are somewhat limited, as companies with international offices would have trouble sharing information with each other without potentially violating local data regulations, especially when it concerns Salesforce localization in Russia. This is because, as of now, Salesforce data in Russia is not automatically compliant with 152 FZ.
According to 152 FZ (and 242 FZ), Russia mandates that you store the information of Russian citizens within Russia. If your business is Russian and only handles the information of Russian citizens, that is not a problem. However, if your company is not Russia and in several countries, you could have an issue with Russian data regulations.
The good news is that you don’t have to completely give up your Salesforce instance just because of a compliance issue. Having a devoted Salesforce cloud in Russia that works in tandem with InCountry and a local cloud provider is all you need to achieve compliance. The catch in law 152 FZ is that sending data abroad is not completely prohibited, as long as you process and store the primary copy with a local provider, such as Yandex.Cloud. This means your Salesforce data for Russia does not violate the local legislation and open your organization up to fines. InCountry is the platform in the middle that enables this technical ability and routes sensitive data to Yandex.Cloud.
Without InCountry, simply having an agreement with a Russian cloud provider does not guarantee compliance with 152 FZ, because the Salesforce and even the Hyperforce stack is not natively compliant. That means that you wouldn’t be able to use an unaltered version of your Salesforce instance even with an agreement to store data locally. Achieving compliance would involved building a custom integration with Salesforce yourself, a challenge that brings with it a whole new host of technical issues.
Salesforce Compliance within Russia
While there are other solutions available to gain compliance with Russian data protection laws, most are not fluid enough to keep up with any shift in regulations. Russian’s initial data protection law, 152 FZ, came out in 2006, and the update, 242 FZ, came into effect in 2014. With dozens of data protection laws being strengthened around the globe, Russia may well update its own regulations in the near future, making anything but a long-term solution like InCountry a risk for setting up a Salesforce cloud in Russia. InCountry has the added advantage of presence in over 90 countries, which means any Salesforce localization in Russia isn’t a country-specific solution, but part of a worldwide platform for enabling safer Salesforce use.
When it comes to the Salesforce cloud in Russia, the most surefire way to be compliant without interrupting your organization’s Salesforce instance and compromising your Salesforce data in Russia is to partner with InCountry and a local cloud provider. InCountry is the tool that ensures that regulated data–i.e. the information of Russian subjects–is routed from Salesforce to local data centers to satisfy the requirements of 152 FZ. The remaining, unregulated data is free to simply be saved on Salesforce, but again, the Salesforce platform is not capable of routing regulated and unregulated data separately to keep you compliant. That is entirely the doing of the InCountry platform.
The Russian government knows the SaaS market is growing and wants to ensure Russian companies benefit from the rise as much as, if not more than international companies like Amazon and Microsoft that don’t know the ins and outs of the market.
This was the reasoning behind this alternative solution within the country’s data protection legislation: partnering and storing data with domestic providers will help those companies grow and gain relevance. You could certainly reach out to a Russian cloud service provider and approach the problem that way, but the easier solution comes from InCountry since you will not have to build your own custom technical solution. By using InCountry, you solve the matter and have access to continuous support and regular updates, without the infrastructure to maintain. That means saving not just on money, but on resources and time as well.
InCountry’s Compliance Solution within Russia
InCountry’s data residency-as-a-service platform has achieved official compliance with Federal Law No. 152 FZ and is officially listed on the Salesforce AppExchange, making our platform uniquely suited to bridge the problem on how to manage Russian data security laws in Salesforce. Helping customers manage the problem of Salesforce localization in Russia, InCountry has gone further than simply providing data residency-as-a-service, also partnering with Yandex.Cloud, the largest domestic cloud provider in Russia, to give organizations the best possible option for expanding their business into Russia.
Read more on how InCountry verifies compliance with 152-FZ here
Data regulations, especially strict ones like the ones in the Russian Federation, pose an intimidating challenge for companies that want to expand without facing fines and risking their business reputation. With the InCountry on Yandex.Cloud platform, that challenge will no longer delay your entry in the market or alter your Salesforce instance in any way.
Firstly, the InCountry-Yandex.Cloud partnership guarantees that InCountry will route all of your sensitive Salesforce data in Russia to be stored in Yandex’s data centers throughout the country, taking care of the storage part of Federal Laws 152 FZ and 242 FZ. Secondly, the InCountry platform will perpetually ensure all regulated data is processed and distributed in compliance with Russia’s data protection laws, so your organization will have complete and compliant coverage thanks to our solution.
This means that you can use the same Salesforce instance in Russia and globally. Depending on which data regulation model you opt for, on Russia’s end (as well as other countries with data protection laws, if you’re using InCountry), you can choose whether or not to make any personal information about Russian citizens encrypted to people using your Salesforce in another country. Depending on how strict a country’s data regulations are, having the ability to encrypt sensitive information to those outside the country of origin is a massive boost to managing compliance. It’s a balancing act of simultaneously keeping your Salesforce cloud in Russia and worldwide on the same page, but partially on their own track for local data compliance reasons.
A Compliant Salesforce Cloud in Russia
If your company or organization is looking to expand into Russia, you likely have heard about the local data protection mandates and are worried about how to comply with them. You need to know that you can continue using your Salesforce instance with no change for Russia if you have a proper solution. With the InCountry platform on Yandex.Cloud premises, you have access to a solution that will store the information of Russian citizens within the country thanks to a Russian cloud service provider, fulfilling any legal obligation your organization has to Russia’s data protection regulations.
The platform is not a plugin, but rather a background software available on the Salesforce AppExchange for this very reason. You will barely notice its operations, but thanks to it, you will manage Russian data security laws in Salesforce and open up a whole new market for selling. The InCountry on Yandex.Cloud platform’s abilities and ease in setting up make it the ideal choice for gaining compliance and managing your Salesforce cloud in Russia.