Russia's 2016 Data Localization Audit Plan Released

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Sergei Blagov

Jan. 13 — The Russian data protection regulator Jan. 13 released a detailed plan of data localization compliance audits scheduled for later this year. 

The Russian Federal Service for Oversight of Communications, Information Technology and Mass Media—also known under its Russian acronym Roscomnadzor—disclosed plans to audit major multinationals to determine whether businesses are meeting the Russian data localization requirements.

The data localization law (Federal Law No. 242-FZ), which requires companies to store all personal data of Russian citizens in databases located inside Russia, took effect Sept. 1, 2015 (171 PRA, 9/3/15).

Roscomnadzor's regional department for Central Russia plans to audit Microsoft Corp. in March, McDonald's Corp. in May-July, Hewlett-Packard in August and Citibank N.A. in September-November.

In 2015, Roscomnadzor audited 317 companies and found only two local businesses violating the data localization requirements.

Also on Jan. 13, Russian authorities pledged to refrain from using compliance audits to shut down foreign online businesses. The Russian government doesn't aim to block foreign online resources and services, Minister of Communications and Mass Media Nikolai Nikiforov said in televised remarks. However, we will require businesses to meet Russian legislative requirements, he said.

To contact the reporter on this story: Sergei Blagov in Moscow at

To contact the editor responsible for this story: Jimmy H. Koo at

For More Information


Roscomnadzor's Jan. 13 announcement is available, in Russian, at


Request Bloomberg Law: Privacy & Data Security