Yandex Cloud and Federal Law № 152-FZ

Transfer, store, and process your Russian employees' and customers' personal data in a secure cloud inside Russia.

Yandex Cloud offers a ready-made solution for localizing personal data in compliance with Russian data privacy laws (Federal Law № 152-FZ). The platform is FSTEC certified and meets all the requirements for the protection of personal data stored and processed in the cloud.

What makes Yandex Cloud the right choice?

Our own data centers

Yandex Cloud’s fully-owned data centers are located in three geographically distributed zones and are connected by proprietary communication channels. We design and manufacture servers and server racks ourselves, with full control of the entire process.

Easy migration

Many Yandex Cloud services provide APIs compatible with popular cloud platforms. Use the same code and easily migrate your services and applications without losing functionality or interrupting business processes.

Convenient data storage

Store any amount and type of data in Object Storage. Use our managed databases like Managed PostgreSQL to integrate payment systems or Managed ClickHouse® to aggregate data from a variety of sources.

Help and tech support

Detailed documentation and 24/7 tech support as you migrate and begin using Yandex Cloud services. Our partners can also help integrate and document your system in line with all legal requirements.

Transparent pricing

Take full control of your spending, and only pay for the resources you actually use. Flexibly scale your solution as activity and data volumes grow.

Platform services

Go beyond simple virtual infrastructure — take advantage of the full potential of Yandex Cloud platform services. Grow your business with our managed, ML, and serverless services.

Yandex Cloud services are in line with national and international standards: ISO, GDPR, PCI DSS, and GOST R 57580. Our compliance with Russian Federal Law № 152, confirming the highest level of security, is also certified.

Full screen image

Create resilient, manageable, and scalable applications and projects in compliance with the requirements of Federal Law № 152-FZ. Here’s an example of a hybrid approach to managing personal data using Yandex Cloud services and local infrastructure.

Full screen image

Getting started with personal data

Step 1: Identify data type and processes it is used in

Determine what type of data you plan to work with. If this is personal data, determine its category and choose the appropriate level of security. Determine the business processes and application components that data processing will be performed within.

Step 2: Choose personal data protection tools

Choose which will be Yandex Cloud services, downloaded from the Yandex Cloud Marketplace, or to be installed additionally. You also need to understand the scope of responsibility: your own and that of the service provider.

Step 3: Evaluate compliance with Federal Law № 152-FZ

As you migrate your infrastructure (partially or fully) to the cloud, you will need to evaluate your compliance with the requirements of Federal Law № 152-FZ. Make sure that everything is set up and working properly within your scope of responsibility and that everything is documented correctly from a legal point of view.

Yandex Cloud’s partners can help you reach full compliance with Federal Law № 152-FZ, provide infrastructure protection services during your cloud migration, tell you which components need to be transferred, and prepare documentation and a project to protect the localized system.

B-152: Protecting personal data and bringing business processes into compliance with Federal Law No. 152-FZ and GDPR.

Informzaschita: A leading system integrator in the field of information security.

InCountry: Providing and maintaining corporate infrastructure solutions.

CardSecurity: Physical and document security of financial, payment, and personal data.

Questions and answers

Personal data of Russian citizens must be stored inside Russia. Cross-border data transfers are only possible with the owner’s consent and if the data had originally been added to a database hosted in Russia. The law also imposes requirements on how data is processed and the technical protection of the information system, including the part located in Russia.

ClickHouse is a registered trademark of ClickHouse, Inc.