Processing And Storage Of Personal Data In Rp
1. Fully reschedule and locate all personal databases in Russia.
A straightforward approach, " so for sure " , to move personal data bases, their processing, collection and storage into the Russian Federation, to Russian dates centres and hosting providers. That's what 1C-Bitrix did, detailing the complexity and history of transport here and here.
To whom.
- Companies with only a site abroad. The small or medium site is low and not very difficult.
- Russian companies that use foreign hosting providers and dates centres, cloud platforms. For this category, there is generally a simple shift of the hosting provider.
Who cares?
- Large saas service providers who do not work on the territory of the Russian Federation (excluding Russian users being the critical mass of their audience).
- For foreign companies with global information systems, it is difficult for them to provide the personal data of FRF citizens from the system.
- Large Russian and foreign companies that have serious IT solutions abroad have long and expensive data. There is another difficulty for foreign companies: the transfer of data affects not only Russian business, but also all the company ' s world offices.
There are no submarine stones, but there is nuance: if the information system is distributed and complex by architecture, it will be costly to move it into the RF.
2. Disclosure the personal data and transmit them abroad in the form of disinfection.
Under this approach, personal data are located in the database in Russia, and each individual is assigned an ID-number, only it is transferred abroad. Personal data are separated from the subject so that they cannot be matched to the individual. This approach offers Microsoft to work with its services and Microsoft Azure.
Who cares?
- Companies whose systems abroad require personal data to operate, but with sufficient ID.
Frequent deficiency is already embedded in the information system, the software product or the cloud platform, so it can be beneficial - it meets the localization of personal data.
Who cares?
- Companies whose systems are located abroad and cannot operate with personal ID data.
- Companies for which the value and time of the ID default and work with ID overlap with the benefits of this method.
Underwater stones