Соблюдение Закона "О персональных данных" и Shopify

Personal Data Law Compliance and Shopify

Law of Russia No. 152-FZ "On personal data " requires finding data about Russian citizens on servers in Russia.

As of 2020, Shopify servers are located outside of Russia. I spoke with a Shopify representative and received an answer that when Shopify comes to Russia, servers for serving Russian online stores will be located in Russia. For example, in Rostelecom data centers. Sharding technology has been mastered by Shopify and is successfully operating in Canada.

What needs to be done?

To meet the requirements of Law I suggest keeping a copy of information about Buyers and Orders in Russia. And at the first request of Roskomnadzor, provide access to such copies. For example, data can be duplicated in 1C or in a Google Sheet.

Also enable a checkbox in the Shopify cart with the buyer's consent to receive personal data and cross-border transfer.

And make changes to the store's privacy policy and terms of work (offer), where the buyer's consent to cross-border data transfer will be recorded.