Russia's government has enacted the famous law that states that "Russian personal data" should be stored on primary servers in Russia...
There's a lot of legal talk on the topic all over the web, but we can't find any technical discussion on how to do this...
We have a very classical application that keeps user data from all over the world, and our clients start to wonder how we are going to deal with that.
Apparently, the data that is concerned is only the user profile (name, email, ...), not the user activity (comments, contributions, logs, ...).
It seems that we should perform all CRUD operations in Russia for Russian profiles.
The questions we start to have are:
- Can we keep our servers where they are, and perform double posting of all the user data to a record store in Russia (say, a mongoDB in Russia)
- Is it ok to keep doing READ operations from our servers outside Russia ?
- It says that the data should be stored "first" in Russia - is it ok to store it "in parallel" ?
If anyone has insights about this, we'd be grateful - legal and technical don't blend easily...
NB: I was not sure of the right stack exchange forum to place this question - do not hesitate to point us to the right one if DBA is not appropriate...