As reported in BNA Privacy Law Watch, on August 22, 2017, the Russian privacy regulator, Roskomnadzor, announced that it had issued an order (the “Order”), effective immediately, revising notice protocols for companies that process personal data in Russia. Roskomnadzor stated that an earlier version of certain requirements for companies to notify the regulator of personal data processing was invalidated by the Russian Telecom Ministry in July.
The Order requires companies to notify Roskomnadzor in advance of personal data processing, including information on safeguards in place to prevent data breaches and whether the company intends to transfer data outside Russia (and, if so, the countries to which the data will be transferred). Companies must also confirm their compliance with Russia’s data localization law, which requires that companies processing personal data of Russian citizens store that data on servers located within Russia. In conjunction with the Order, Roskomnadzor released a new notification form that companies may use to communicate with the regulator.