Why is Russia banning overseas storage of personal data?
Click to start listening
Synopsis
On July 1, a significant regulation will come into play in Russia, banning the overseas storage of personal data for its citizens. This move aims to enhance data security and reduce risks associated with international data handling. Learn how this could impact businesses and personal data privacy.
Key Takeaways
- The new law prohibits the overseas storage of personal data for Russian citizens.
- All data handling must occur within Russia.
- Third-party data processors are also affected by these amendments.
- Data breaches involving Russian citizens are a primary concern.
- Foreign services may face operational disruptions as a result.
Moscow, June 28 (NationPress) A new regulation prohibiting the storage of personal data of Russian citizens outside the nation will take effect on July 1, according to reports from local media on Saturday.
As per the recently amended law "On Personal Data" in Russia, all processes related to personal data—including collection, systematisation, storage, updating, modification, and deletion—must occur solely within the confines of Russia.
From July 1 onwards, operators will be prohibited from engaging with databases situated outside Russia at any phase of data processing.
The amendments further extend these obligations to third-party data processors that supply tools or platforms for data analytics and management. This encompasses vendors providing services like Google Analytics, HR management systems, and customer relationship management platforms, as reported by the Xinhua news agency.
Alexander Kirsanov, legal head at MTS Link, a Russian business communication platform, was cited by RIA Novosti stating that such platforms do not directly collect personal data but acquire it from primary operators, including banks, telecom companies, IT firms, and online marketplaces.
"Once the amendments are implemented, regulators are anticipated to increase scrutiny on organizations responsible for handling the personal data of Russian citizens," he remarked. "Utilizing foreign services for analytics will become progressively challenging."
Kirsanov noted that this legislative modification aims to mitigate the risk of data breaches involving Russian citizens. However, he also highlighted the inherent risks associated with dependence on foreign software.
"Since 2022, Russian enterprises and government bodies have often encountered sudden service interruptions from foreign providers, even with long-term licenses. Such disruptions have led to workflow interruptions and data losses," he stated.
According to Russian law, personal data encompasses full names linked with email addresses, phone numbers, passport data, birthdates, and birthplaces associated with names, residential addresses, identification numbers, biometric data, and digital identifiers like IP addresses and online accounts.
Point of View
We recognize the importance of safeguarding personal data within national boundaries. While this regulation aims to protect Russian citizens from data breaches, it also poses challenges for businesses reliant on foreign services. Striking a balance between data security and operational efficiency will be crucial in the coming months.
NationPress
28/06/2025
Frequently Asked Questions
What does the new regulation entail?
The new regulation prohibits the storage of Russian citizens' personal data outside the country, requiring all data handling processes to occur within Russian borders.
When will the regulation take effect?
The regulation will come into effect on July 1.
How will this impact foreign services?
Operators will no longer be allowed to use databases located outside Russia for any phase of data processing, affecting many foreign services.
What types of data are covered by this law?
The law covers various personal information including names, email addresses, phone numbers, and biometric data.
Why is this regulation being implemented?
The regulation aims to enhance data security and reduce the risks associated with data breaches involving Russian citizens.
