Complying with Russia’s New Privacy Law
The majority of CIOs say the law will likely increase IT infrastructure costs.
As of September 1, organizations operating in Russia must comply with amendments to the privacy law to store personal data on local citizens in Russia. This legislation, which some have speculated could be a precursor to clamping down on foreign social networks, significantly effects a range of companies, and executives must be aware of its legal and financial implications.
CIOs Are Concerned but Confident
In the third quarter of 2015, Gartner conducted a survey of large foreign companies operating in Russia, which found that 42 percent of CIOs were unsure whether or not they could comply with the amendment on time. Some were also unclear on its provisions.
However, Russia’s federal executive body, Roskomnadzor, which is responsible for the field of communications, IT and mass media, provided guidance to businesses face-to-face and online. Roskomnadzor officials also stated that companies must have a master database of local citizen’s records stored in the country, but they are permitted to replicate this to data centers abroad.
“The survey found that almost a third of CIOs said the new law would negatively impact their business, due to higher costs for IT infrastructure, as well as a feared increase in audits and associated penalties for noncompliance (see Figure 1),” said Petr Gorodetskiy, senior research analyst at Gartner. “However, the majority of CIOs expected no changes to their business in Russia. The consensus was that major business processes would at least remain unaffected.”