• Main / Services / Secure cloud compliant with Russian personal data law

    PROTECTED CLOUD: FEDERAL LAW 152-FZ

    Readymade complex solution for scalable IT infrastructure in compliance with the requirements of the Law on Personal Data Protection.

    Processing of any arrays of personal data in a secure environment;

    Processing of any arrays of personal data in a secure environment;

    Everything you expect from cloud – scalability, reliability, 24/7 support.

    Everything you expect from cloud – scalability, reliability, 24/7 support.

    A virtual infrastructure based on our data centers:

    Resilient solution based on VMware, NetApp and Cisco products;
    Seamless migration to secure clouds and creation of hybrid environments;
    Technical means for ensuring information protection, providing III and IV levels of protection of personal data;
    Infrastructure certified according to ISO 27001, ISO 9001, PCI DSS and certified for compliance with the requirements of the FSTEC (Federal Service for Technical and Export Control of Russia) on the storage of personal data;
    Assistance in the implementation of the legal and technical aspects of the project at all stages and round-the-clock support from Linxdatacenter engineers after launch.

     

    Do you offer any other complex projects?  

    Customized project solutions for the processing of personal data can be discussed with our specialist on an individual basis. 

    Learn more

    Ensuring the security of personal data

    We use technical solutions that guarantee the protection of the entire virtual infrastructure: S-Terra products for protecting virtual networks, encryption of network traffic, use of GHOST-VPN, and use of special versions of Kaspersky Anti-Virus for virtual environments, as well as the RedCheck vulnerability scanner for timely detection of vulnerabilities along with constant monitoring of the security of the virtual environment.

    FAQ

    What does Federal Law 152-FZ define as personal data?
    +
    +

     Any information about individuals, including names and contact details, gender, faith, as well as personal opinions on any topics. The law applies to both clients and employees. If you work with people, you are almost certainly subject to the law.

    Who is the operator of personal data under Federal Law 152-FZ?
    +
    +

    Any individual or legal entity that determines the purposes of collecting and processing personal data or performs any operations with such data, including collection, storage, analysis, use, transfer, and so on. 

    Most often, organizations from the financial services, healthcare, education, hospitality, telecommunications, advertising, and retail industries are subject to checks on the fulfillment of requirements set in Federal Law 152-FZ. 

    What are the requirements of Federal Law 152-FZ?
    +
    +

    In order to comply with the law, the operator of personal data must develop internal regulations for working with personal data, implement technical protection measures, and localize data on the territory of the Russian Federation. 

     

    The law imposes different requirements for the level of applicable security, depending on the type of personal data that the operator processes, and to the extent of processing. These levels are described in detail in Clause 8 of the Decree of the Government of the Russian Federation No. 1119 of November 1, 2012. 

    Who verifies compliance with Federal Law 152-FZ?
    +
    +

    The regulators responsible for ensuring compliance are Roskomnadzor (The Federal Service for Supervision of Communications, Information Technology and Mass Media)the FSB (Federal Security Service) and the FSTECRoskomnadzor is the authority most engaged in conducting checks. As a rule, the department is concerned about the compliance of the order and security of personal data processing with the requirements of the law. 

    What liability is provided for violations of Federal Law 152-FZ?
    +
    +

    Violations of Federal Law 152-FZ can entail all types of liability, including civil, disciplinary, administrative and criminal. 

    • Disciplinary liability under the Labor Code of the Russian Federation is provided for persons responsible for the processing of personal data, including compensation for direct damages. 

    • The Civil Code of the Russian Federation allows citizens to demand compensation from an organization if they suffered moral or property damages due to violations of the rules provided for operations with personal data. 

    • Depending on the substance of the offense, administrative liability is up to 100 thousand rubles for individuals for violation of the law on personal data, up to 800 thousand for officials, up to 20 thousand rubles for individual entrepreneurs, and up to 18 million rubles for organizations. 

    • Criminal liability for violation of the law on personal data can be qualified under a number of articles, which provide for punishment up to imprisonment for up to 4 years. 

     

    Violation of the law on personal data may lead to the inclusion of the organization in the register of violators, whose websites are subsequently blocked by telecom operators at the request of Roskomnadzor. 

     

    Cases

    Client: Developer of a digital business card service and a cloud platform for equipment maintenance management.
    +
    +

    Objective: Organize uninterrupted data processing in a secure cloud environment with service availability for users.  

    Solution: Linxdatacenter organized operations with personal data in the IaaS (infrastructure as a service) format on its platform in St. Petersburg. The migration was carried out in stages with testing of network availability after each step of implementation. 

    Client: Department of an IT company.
    +
    +

    Objective: Transfer an application with personal data to a secure cloudenvironment within a time limited by the term of the contract between the client and the certifying organization. 

    Solution: Linxdatacenter performed the work in cooperation with the client’s contractor after assigning areas of responsibility. Linxdatacenter also took on some of the responsibilities of the client related to data protection. The work was completed on time and compliance with the Law on Personal Data Protection was confirmed by a third party, an FSTEC licensee. 

    You may also be interested in

    If you are not certain that the basic solution suits you, try our customized solution for personal data storage.

     

    Learn more

    You will also be interested in

    • Compliance with Federal Law 152-FZ On Personal Data Protection: Custom Design Solution
      Audit for compliance with Russian personal data law
      Get an expert assessment of your business risks and our recommendations to improve the security of your IT infrastructure.
    • Global cloud network connectivity
      Dedicated access to AWS and Google Cloud Platform
      Access global cloud providers’ resources via a dedicated direct connection
    • BACKUP SOLUTIONS BY VEEAM
      Backup solutions by Veeam
      Back up and quickly recover your data and applications with Veeam solutions
    All services