Yandex Cloud and Federal Law № 152-FZ
Transfer, store, and process your Russian employees' and customers' personal data in a secure cloud inside Russia.
Yandex Cloud offers a ready-made solution for localizing personal data in compliance with Russian data privacy laws (Federal Law № 152-FZ). The platform is FSTEC certified and meets all the requirements for the protection of personal data stored and processed in the cloud.
What makes Yandex Cloud the right choice?
Our own data centers
Yandex Cloud’s fully-owned data centers are located in three geographically distributed zones and are connected by proprietary communication channels. We design and manufacture servers and server racks ourselves, with full control of the entire process.
Easy migration
Many Yandex Cloud services provide APIs compatible with popular cloud platforms. Use the same code and easily migrate your services and applications without losing functionality or interrupting business processes.
Convenient data storage
Store any amount and type of data in Object Storage. Use our managed databases like Managed PostgreSQL to integrate payment systems or Managed ClickHouse® to aggregate data from a variety of sources.
Help and tech support
Detailed documentation and 24/7 tech support as you migrate and begin using Yandex Cloud services. Our partners can also help integrate and document your system in line with all legal requirements.
Transparent pricing
Take full control of your spending, and only pay for the resources you actually use. Flexibly scale your solution as activity and data volumes grow.
Platform services
Go beyond simple virtual infrastructure — take advantage of the full potential of Yandex Cloud platform services. Grow your business with our managed, ML, and serverless services.
Yandex Cloud services are in line with national and international standards: ISO, GDPR, PCI DSS, and GOST R 57580. Our compliance with Russian Federal Law № 152, confirming the highest level of security, is also certified.
Create resilient, manageable, and scalable applications and projects in compliance with the requirements of Federal Law № 152-FZ. Here’s an example of a hybrid approach to managing personal data using Yandex Cloud services and local infrastructure.
Getting started with personal data
Step 1: Identify data type and processes it is used in
Determine what type of data you plan to work with. If this is personal data, determine its category and choose the appropriate level of security. Determine the business processes and application components that data processing will be performed within.
Step 2: Choose personal data protection tools
Choose which will be Yandex Cloud services, downloaded from the Yandex Cloud Marketplace, or to be installed additionally. You also need to understand the scope of responsibility: your own and that of the service provider.
Step 3: Evaluate compliance with Federal Law № 152-FZ
As you migrate your infrastructure (partially or fully) to the cloud, you will need to evaluate your compliance with the requirements of Federal Law № 152-FZ. Make sure that everything is set up and working properly within your scope of responsibility and that everything is documented correctly from a legal point of view.
Questions and answers
Personal data of Russian citizens must be stored inside Russia. Cross-border data transfers are only possible with the owner’s consent and if the data had originally been added to a database hosted in Russia. The law also imposes requirements on how data is processed and the technical protection of the information system, including the part located in Russia.
Ready to get started?
Useful links
ClickHouse is a registered trademark of ClickHouse, Inc.