On 2 December 2019 a law came into effect increasing fines for non-compliance with the Russian data localisation requirements. The proposed fines could amount to a maximum of 6 million RUB (approximately 85,000 EUR) for a first offence and 18 million RUB (approximately 255,000 EUR) for a repeat offence.
Since 1 September 2015 it is required by Russian law that the personal data of Russian citizens are stored and processed using databases located in Russia. This requirement can be complied with for instance by placing the database with personal data of Russian citizens in a Russia-based data centre or server.
Until present fines for failure to provide information as required by data localisation legislation were very low (up to 5,000 RUB or appr. 67 eur). Instead Roskomnadzor, the Russian data protection authority, had the right to block the website of a company in breach of the rules.
We recommend you to carefully review your procedure for data processing and localization. If you are in doubt about the interpretation of the law, we are happy to provide clarifications.
You may also be interested in the following article: https://www.themoscowtimes.com/2020/01/03/will-russia-enforce-new-internet-laws-i2020-a68802
