The Federal Law requires operators to notify the authorised agency protecting the rights of personal data holders of their intention to conduct trans-border personal data transfers. Such transfer may be prohibited or restricted.
Additionally, the Federal Law requires operators to interact with the state system for detecting, preventing and eliminating the consequences of computer attacks on the Russian Federation’s information resources, including the provision of information to an authorized federal executive security agency on computer incidents involving personal data.