data-localization

Installation
SKILL.md

Implementing Data Localization Requirements

Overview

Data localization laws require that personal data of a country's residents be stored, processed, or both within the territory of that country. These requirements exist independently of and in addition to transfer mechanism requirements under the GDPR. Organisations operating globally must map their data localization obligations by jurisdiction, design infrastructure architectures that comply with local storage mandates, and implement exemption procedures where cross-border transfer is permitted subject to conditions.

Country-Specific Requirements

Russia — Federal Law No. 242-FZ (Amendments to Federal Law No. 152-FZ)

Effective: 1 September 2015

Key requirements:

  • Art. 18(5) of Federal Law 152-FZ (as amended by 242-FZ): When collecting personal data, including via the internet, the data operator must ensure that recording, systematisation, accumulation, storage, modification, extraction, and retrieval of personal data of citizens of the Russian Federation are carried out using databases located in the territory of the Russian Federation.
  • The law applies to any organisation collecting personal data of Russian citizens, regardless of the organisation's location.
  • Cross-border transfer is permitted after initial localization — the primary database must be in Russia, but copies may be transferred abroad subject to Federal Law 152-FZ cross-border transfer rules.
Installs
9
GitHub Stars
187
First Seen
Jun 9, 2026
data-localization — mukul975/privacy-data-protection-skills