Соблюдение Закона "О персональных данных" и Shopify

Compliance with the Personal Data Law and Shopify

Russian law No. 152-FZ "On Personal Data" requires that data on Russian citizens be located on servers in Russia.

As of 2020, Shopify servers are located outside of Russia. I spoke to a representative of Shopify and received the answer that when Shopify comes to Russia, the servers for servicing Russian online stores will be placed in Russia. For example, in the data centers of Rostelecom. Sharding technology has been mastered by Shopify and works successfully in Canada.

What needs to be done?

To comply with the requirements of the Law, I suggest storing a copy of information on Buyers and Orders in Russia. And provide access to such copies at the first request of Roskomnadzor. For example, the data can be duplicated in 1C or in a Google Sheet.

Also connect a checkbox in the Shopify cart with the buyer's consent to receive personal data and cross-border transfer.

And make changes to the Shopify privacy policy and terms of service (offer), where the buyer's consent to cross-border data transfer will be recorded.