News is filtering through that Russia may extend the deadline for requiring companies to process the personal data of its citizens on servers located within Russia, to sometime after the existing deadline of 1 September 2015. The original legislation had proposed an effective date of 1 September 2015, but in a press statement of 14 July, the presidential press service quoted Putin as saying that he will discuss a deadline extension with cabinet ministers.
Notwithstanding this press statement, the Roskomnadzor plans to press ahead with compliance audits as of 1 September.
Russian Federal Law No. 242-FZ, which was signed into law last year, requires Russian citizens’ personal data to be collected and processed within Russia. While servers for this processing must be in Russia, data transfers outside of Russia are possible so long as such transfers adhere to the Russian data protection law.
The Roskomnadzor issued a statement 22 July indicating that survey results showed that 54 percent of Internet businesses were prepared to implement the new data localization rules in time for the 1 September effective date. Only 19 percent surveyed were unprepared.
In a prior statement issued 16 July, the Roskomnadzor indicated that it intends to audit more than 300 organisations between 1 September and the end of the year to assess data localization compliance.