How to comply with the law on the storage and processing of personal data?

V

VladRDV2020-05-14 13:55:16

Law in IT

VladRDV, 2020-05-14 13:55:16

I want to launch an online platform in the Russian Federation and, according to the law, I must keep my servers on the territory of the Russian Federation

. I have the following question:
If I say I will launch my platform, for example, from Yandex Cloud (the database is there), and I will process payments through Stripe, I violate Am I the law?

Stripe will store the banking data of the users of my platform, in my database I store only the last 4 digits from the card

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

d-stream, 2020-05-14
@d-stream

Actually, stripe is online processing, not storage. And in the general case, the platform essentially does not transfer anything from the PD to the processing side - the user himself enters his data there and these are already completely separate processing relationships with the user.

U

Uncle Seryozha, 2020-05-15
@Protos

You need to make sure that Yandexcloud complies with 152-FZ, state in the contract with Yandexolak that they are implementing measures to minimize actual threats to the security of personal data and draw up an order for the processing of personal data. Then you do not break the law, but you yourself should exchange data with Yandex Olak, generally speaking, using an FSB-certified solution for encrypting transmitted traffic, or, well, evaluated in another way, which is even worse.