The Russian market is the largest source of potential users in Europe for international firms. Moreover, according to ITA, Russia's online market is one of the world's largest and has significant potential. By 2025, it will have 124 million Internet users: an attractive number for any business. However, recently more and more global companies find themselves under scrutiny by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) due to their failure to comply with the Russian Personal Data Law (Federal Law 152-FZ). By these rules, global companies must store Russian users' data in Russia - much like the GDPR requires European citizens' data to be kept in Europe. We decided to look into the situation to explain how to do business in Russia legally and without hassle.
What does the law say?
Federal Law 152-FZ, in its current form, requires the localisation of personal data (PD) in Russia. This means that a global company serving Russian customers must ensure the recording, systematisation, accumulation, storage, and clarification of their personal data by using databases located within Russia.
Note that the concept of personal data includes not only full names, dates of birth, passport data, and addresses, but any information that relates to a specific person or persons. For example, a phone number or email address by itself is not PD, as it's not clear exactly to whom this data belongs; but, if we're talking about any kind of database with the full names of customers and their contact information, then this does fall under the definition of PD. The definition also includes unique information about a person: fingerprints, genetic information, or health data.
When does a global company fall under the law?
Even if a company doesn't maintain a Russian customer base (which is now rare), it falls under the law in the following cases:
- There is a Russian-language version of the website or a Russian domain;
- Customers pay for services or goods in rubles;
- Users see ads in Russian on the website.
That means that the new law affects all types of business with Russian customers, or even just visitors: from social media services and online publishers to streaming services and many others.
Who enforces the law?
Roskomnadzor monitors the implementation of the Russian Personal Data Law. This office, based on court rulings, creates a register of violators and can block the websites of companies on it. Liability also includes a fine. Starting from 2019, this fine can reach tens of thousands of dollars.
How can we help?
In this legal situation, the best solution for global companies is to employ the services of cloud providers with data centers in Russia, like G-Core Labs.
We provide global companies with infrastructure that meets the requirements of Russian law. Metro Cash & Carry, Volkswagen, Avast, Michelin, Wargaming, Joom, Sandbox Interactive, Bandai Namco, and RedFox Games are among our international customers.
In addition, moving to the G-Core Labs cloud entails a number of important business benefits.
- High availability. 99.95 per cent SLA, with financial guarantees in the case of downtime. Thanks to our reliable data center, however, it rarely comes to that.
- Quick deployment. In just a few minutes, IT infrastructure of any scale can be created, regardless of the industry and size of your business.
- Unlimited scalability. The fault tolerance of all of our data centers is as close as possible to 100 per cent, and there are measures in place against system crashes. Your company can use one or hundreds of virtual machines and store an unlimited amount of data.
- Reduced capital expenditures and financial transparency. Moving your infrastructure to our cloud doesn't require a payment or minimum fees, and there are no additional installation or configuration costs. Billing is based on the pay-as-you-go model; the customer only pays for resources they use.
- 24/7 support. Our specialists fully undertake technical support, which allows your company to focus on business.
- Reliability. A disaster recovery service will help protect your business from downtime during various failures (for example, if the database is accidentally deleted on the production server).
- Bare metal. Our cloud service allows you to deploy applications on dedicated servers.
- Easy migration. For any global company, migration to our cloud is a fast and secure process that retains all the necessary data.
S3 storage in Moscow
We created the S3 cloud object storage in Moscow for safely storing large amounts of data in compliance with Federal Law 152-FZ. This service will be of interest to game developers, providers of multimedia online services and owners of highly loaded resources.
Cloud storage helps reduce the cost of building and maintaining your own IT infrastructure. Through uninterrupted access and unlimited scalability, it allows you to increase the flexibility of your business processes.
The S3 storage is very convenient to use together with our cloud services and a global CDN.
You can also manage access to shared datasets and object lifecycles, set the interval for deleting backups, and automate this process.
Variety of virtual machine configurations
The G-Core Labs infrastructure is based on Intel solutions, including the latest 3rd Gen Intel Xeon Scalable (Ice Lake) processors. Intel SGX sensitive data protection technology is also integrated into the G-Core Labs cloud.
Seva Vayner is G-Core Labs' head of cloud platforms