Russian Personal Data Localization Requirements

As of September 1, 2015, organizations that are considered personal data operators must ensure that, when collecting personal data, Russian citizens' personal data recording, systematization, accumulation, storage, clarification (updating, changing), and extraction are performed through the databases located in Russia ('personal data localization requirement').1

Microsoft Online Services available to organizations (including but not limited to educational institutions) (hereinafter referred to as 'customer'), including those enabling personal data processing such as Microsoft Azure, Microsoft 365, Dynamics 365, and Power Platform, are provided from data processing centers located outside of Russia (for more information visit the Microsoft Trust Center).

Based on the type and content of information processed by customer information systems, such systems, including those using Microsoft cloud products, may be deemed a personal data information system ('PDIS', 'ISPD'). In cases where the customer would like to use Microsoft Online Services in a system that qualifies as PDIS through its architecture and types of information processed, Microsoft invites its customers to consider, amongst other things, available solutions specified below. All the scenarios provided are available for customers as an additional option to standard business offerings.

It should be noted that it is the customer as personal data operator of PDIS who is in charge of compliance and shall analyze and assess applicable legal requirements for personal data localization, and at its own discretion, independently determine sufficient measures to ensure that personal data processing in PDIS complies with the Russian personal data law.2

Subscribing to Microsoft Online Services

Microsoft ID Management

Microsoft invites customers to consider subscribing to Microsoft Online Services—Microsoft Azure, Microsoft 365, Dynamics 365, and Power Platform—via a Microsoft Cloud Solution Provider (CSP) partner. See this list of CSP partners for more information.

Managing User Identity and Access for Microsoft Online Services

For Microsoft Online Services such as Microsoft Azure, Microsoft 365, Dynamics 365, and Power Platform, user verification and access management are performed through Azure Active Directory (AAD). Note that cases where a Microsoft customer uses a local identification management system for Microsoft cloud services (such as the Windows Server Active Directory (AD) or any other ID management system), the customer has an opportunity to swiftly integrate such system with the Azure Active Directory (AAD) through Azure AD Connect. See the Azure AD Connect option for more information. Microsoft customers may also consider using applications and solutions of third-party vendors for managing their users and integrating their local identification system with the Azure AD.

Use Microsoft Compliance Manager to assess your risk

Microsoft Compliance Manager is a feature in the Microsoft 365 compliance center to help you understand your organization's compliance posture and take actions to help reduce risks. Compliance Manager offers a premium template for building an assessment for this regulation. Find the template in the assessment templates page in Compliance Manager. Learn how to build assessments in Compliance Manager.

Questions and support

For technical and billing questions, refer to the Microsoft Support resources below. For additional questions or clarifications, contact the Microsoft privacy team.

Microsoft Azure

Microsoft 365

  • Toll Free: 8 10 800 2548 1044
  • Local Call: 499 922 8623
  • Online support: Submit queries via the Admin Center

Dynamics 365

  • Toll Free: 8 10 800 2548 1044
  • Local Call: 499 922 8623
  • Online support: Submit queries via the Dynamics Support portal

Power Platform

  • Toll Free: 8 10 800 2548 1044
  • Local Call: 499 922 8623
  • Online support: Submit queries via the Power Platform Support

Note

1 Federal Law No. 242-FZ (edition dated 12.31.2014) 'On entering amendments into certain legislative acts of the Russian Federation about clarifying the procedure for personal data processing in information and telecommunication networks' dated 07.21.2014
2 Federal Law No. 152-FZ on Personal data as of 07.27. 2006