personal data processing in russia

Processing Personal Data in Russia:IT Technical Details

Do you know where your data go?

What is a server and database?

Company

CompanySomewhere

What is “Russian” server and database?

Russia Finland

IP Address 1

IP Address 2

Lab here

Suggested Immediate Actions

Identify the list of the data that is used in your company and is (or can be) a subject of Personal Data Processing processes,

related to recent legislation

Analyze existing IT landscape and infrastructure to locate processing sites outside Russia that mightsummon risks

Based on the results of analysis, develop strategy and action plan,

define budgets for changes if needed

• HR and Payroll data• IT security data (Active Directory; access

software; registration of employees)• Accounting data• Clients'/suppliers agreements and contacts• CRM data• …• Any business data is under risk

What is under risk?

When analyzing IT infrastructure:• Define where personal data is collected, processed and

stored in your company, who is responsible for that

• Identify how the flow of data is organized in your company;you might not even be aware how it migrates; use DLPsoftware for analysis

• Distinguish between internal IT server capacity and third-party server capacity – some part of your data can be hostedin third-party data centers

• Ensure that you understand how your backup and restorepolicy is organized and where the backups are stored

• What software do you use to collect, process and storepersonal data

What can you do next?

• Define that some data in reality does not relate to Personal Data Processing process

• Delete personal data from the system

• Substitute the data with just IDs and process them separately, storing the data itself inside Russian Federation

• Transfer the database without re-hosting of the application

• Transfer the whole system

• Change the system

• Terminate the process

Potential transfer to Russia:

• Authentication and authorization catalogues

• Catalogues synchronization systems

• Controlling systems of common access

• Portal solutions

• Mail systems• Instant messaging

• Remote Desktops• VPN channels• Proxy Servers• Mirror servers• …

“Hacking” tools

Thank you!

info@awaraitsolutions.ruwww.awaraitsolutions.ru

personal data processing in russia

flow of data

thirdparty data centersensure

personal datawhat

russian server

thirdparty server capacity

processing sites

ip address

storedwhat software

Documents

policy document on the processing of personal data at...

audit requirements for personal data processing activities

market study of visa processing services in russia -...

notice on personal data processing

data processing addendum - enterprisealumni.com · november...

personal data in russia

data processing agreement · 2020-01-10 · 2. processing...

international standards on the protection of personal data...

guidance on security measures for personal data processing

handbook on security of personal data processing

guidelines on processing personal information within a

the processing of personal data (personal data act) leikny...

prezentare bilingv ro-en · 2020. 9. 21. · records of...

recommendations on personal data protection covid-19 ... ·...

guidelines 1/2020 on processing personal data in the

mind mapping for archival processing: using personal brain

russia wood-processing equipment market

guidelines on processing personal information within a...

agreement on personal data processing - zone.ee

denmarkthe act on processing of personal data