Data Protection & E-Privacy : nuova Legge dello Stato Russo: che fare ?

di | 21 September 2015
1 commento

Il 1 settembre 2015 è entrata in vigore la Legge Federale russa n. 242 del 21 luglio 2014.
La nuova legge sulla localizzazione dei dati personali prescrive che tutti i dati personali dei cittadini russi trattati da società estere, siano conservati e trattati in Russia senza esenzioni per i dati commerciali. L’operatore estero dovrà garantire che la registrazione, la sistematizzazione, il salvataggio, l’archiviazione, l’aggiornamento e il recupero dei dati personali dei cittadini russi debbano essere effettuati solo in database situati nello Stato Russo.

I soggetti che rientrano a tale legge sono le società estere con presenza legale in Russia e le società estere non presenti legalmente in Russia ma che forniscono servizi on-line ai cittadini russi (es. e-commerce).

Le Principali azioni da intraprendere sono :

  • Risk Assessment per stabilire se la società tratta dati come previsto dalla Localisation Law russa
  • policy interne e definire dove far risiedere i dati in Russia
  • informative e consensi specifici
  • notifica alla Local DPA (Roskomnadzor)
  • Data Transfer Agreement
Categoria: Open Forum Tag: ,

Informazioni su Agostino Oliveri

Agostino Oliveri Data Protection Officer – Privacy Consultant e Auditor Certificated (Num. Reg. DPO 1529 secondo gli standard UNI CEI EN ISO IEC 17024:2012 e 17065:2012 e disciplinato ai sensi legge 4/2013) We work mainly in the field of IT SECURITY with the provision of services and solutions to some penetration testing and security baseline. We provide consultancy to achieve the adjustments required under the law in the area of ​​security of data processed by computer equipment, law 196/2003 (the new Privacy Code undergoing change), law 231/2001 (protection from company computer crimes), adaptation of security bodies to DM 1.12.2010 num. 269, preparation of the feasibility study and business continuity plan in accordance with Article. 50-bis of the Administrative Code digital support for all matters related to the DL 33/2013 on Transparency and L. 190/2012 Anticorruption, we offer consultancy for achieving quality certification according to ISO 9001 and safety according to ISO 27001 certification for information and services for STAR mode CLOUD COMPUTING. I think the significant experience gained with multinational companies has allowed us to achieve a certification of expertise in some areas and very important issues and I think it can be a path to significant and important to share. Then in the light of the many regulatory changes that will have a very important impact on companies, I believe we need a prudent approach and prior verification and certification of existing solutions adopted in order to avoid incurring heavy fines in addition to the guarantee of safety of its corporate assets.

Un pensiero su “Data Protection & E-Privacy : nuova Legge dello Stato Russo: che fare ?

  1. Sergio Fumagalli

    It is really interesting that in these years when cloud computing makes data location unrelevant from a technical point of view, data location is becoming more and more a key issue from a political point of view.
    Also the new EU GDPR tries to submit Personal Data to the EU jurisdiction. Article 3, second paragraph of the version approved by the EU Council states as follows: “2. This Regulation applies to the processing of personal data of data subjects residing in the Union by a controller not established in the Union, where the processing activities are related to: ….”.
    The lawsuit between Microsft and the US Department of Justice refers, again, to the relevance of the place where data are stored in relation with the applicable jurisdiction.
    We could say that what is feasible from a technical point of view doesn’t match with the sovereignty principle which nations and States are based on.
    The data protection legislation is becoming, worldwide, the intersection between tech and politics.

Lascia un commento

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.