Соблюдение Закона "О персональных данных" и Shopify

Соблюдение Закона "О персональных данных" и Shopify

Law of Russia No. 152-FZ "On personal data" requires finding data about Russian citizens on servers in Russia.

As of 2020, Shopify servers are located outside of Russia. I spoke with a Shopify representative and received an answer that when Shopify comes to Russia, the servers for servicing Russian online stores will be placed in Russia. For example, in the data centers of Rostelecom. Sharding technology has been mastered by Shopify and is successfully operating in Canada.

What needs to be done?

To comply with the requirements of Law, I suggest keeping a copy of information about Buyers and Orders in Russia. And at the first request of Roskomnadzor to provide access to such copies. For example, data can be duplicated in 1C or in a Google Sheet.

Also enable the checkbox in the Shopify cart with the buyer's consent to receive personal data and cross-border transfer.

And make changes to the store's privacy policy and working conditions (offer), where the buyer's consent to cross-border data transfer will be recorded.