DFG152 - Cloud Data Protection & Security
DFG152 is certified application, developed as required under the Federal Service for Technical and Export Control (FSTEC) of Russia that enables organizations to process personal data in full compliance with Federal Law dated 27.07.2006 No. 152-FZ (as amended on 21.07.2014) "On Personal Data"
dfg152_inaction_desk Created with Sketch. Ресурс 1

Putin instructed to accelerate work to strengthen the protection of personal data

Russian President Vladimir Putin instructed the government to accelerate work aimed at amending legislation in order to strengthen the protection of personal data of Russians and to promote the development of Russian organizations.

“The government … to speed up the preparation and introduction of amendments to the federal law” On Personal Data “aimed at strengthening the protection of personal data of citizens, as well as at promoting the development of Russian organizations developing software and hardware and software systems,” the instruction says.


The Russian State Duma Approves Increased Fines for Violation of Data Processing Requirements

The Russian State Duma has adopted in the third reading the draft law that proposes to stiffen penalties for violation of rules applicable to personal data processing in Russia, as established by Federal Law No. 152-FZ “On Personal Data”. The fine for first time violators could reach up to RUB 6. Repeated violations of the data localization law can incur increasing fines with a maximum penalty of RUB 18 million for legal entities.

The main legal requirement is to store the information about Russian users must be stored in the territory of the Russian Federation. On December 2, 2019, President Vladimir Putin signed Federal Law No. 405-FZ, On the Introduction of Amendments to the Administrative Offenses Code of the Russian Federation.  As of December 13, 2019, the Code has introduced new constituent element of an administrative offense – breach of localization requirements.

Failure by an operator to comply with the requirement leads to increased fines:

for officials – up to RUB 200,000 (approximately US$3,350)

for legal entities – up to RUB 6,000,000 (approximately US$100,000)

For repeated violation:

for officials – up to RUB 800,000 (approximately US$13,350)

for legal entities – up to RUB 18,000,000 (approximately US$ 300,000)



Load testing is the process of putting demand on a system and measuring its response. Load testing generally refers to the practice of modeling the expected usage of a software program by simulating multiple users accessing the program concurrently. This test method allows you to determine whether the tested solution, application or device meets the stated requirements.

CT Consulting specialists in cooperation with partner-expert Performance Lab team made all necessary changes with the subsequent transfer of tests. Load testing was successful, CT Consulting has managed not only to optimize the solution, but also to obtain a technological base for making similar changes in the future. The project passed from start to finish without a single delay. We can say that the task was completed with 100%.


DFG152 Application

This solution allows to transfer data to the cloud after the anonymization procedure that meets the requirements of the Order No. 996 issued on 05.09.2013 by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)
The basis of the complex product DFG152 is anonymization of personal data, which enables linking stored and processed information to a specific individual - first name, last name - to a token, i.e. a group of identifiers.
The data linking identity information to tokens does not leave the borders of the Russian Federation and must be stored at the customer's site or in the cloud of the Russian provider, all the technical means of which are on the territory of Russia.
Thus, the use of this solution frees the operator from the need to perform costly, time-consuming and technically complex works to fully transfer the computing infrastructure and information system to the Russian Federation and allows the use of cloud services located outside of Russia.

Personal data protection

Within the cloud

About FL 152

Starting September 2015, all companies operating in Russia are required to store store personal data of Russian citizens on servers physically located in Russia.
(Article 2 of Federal Law dated July 21, 2014 No. 242-FZ "On Amendments to Certain Legislative Acts of the Russian Federation regarding the Procedure for Processing of Personal Data in Information and Telecommunications Networks", Federal Law dated December 31, 2014 No. 526-FZ "On Amendments to Article 4 of Federal Law "On Amendments to Certain Legislative Acts of the Russian Federation regarding the Procedure for Processing of Personal Data in Information and Telecommunications Networks").
According to the Law, "while collecting personal data, including through information and telecommunications network Internet, the operator is obliged to ensure recording, systematization, accumulation, storage, clarification (updating, changing), and extraction of personal data of Russian citizens with the use of databases located on the territory of the Russian Federation." This requirement is especially relevant for organizations using cloud services located outside the Russian Federation.
Personal data, except for some of their categories, belongs to restricted information and must be protected under the laws of the Russian Federation.
In accordance with the Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data", "while processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or to ensure their acceptance for the protection of personal data against unauthorized or accidental access, destruction, modification, blocking, copying, supply, distribution of personal data, as well as other illegal action in relation to personal data." (Article 19, Part 1).
Confidentiality is not required only for the anonymized or public personal data, as well as personal data subject to publication or to mandatory disclosure in accordance to the law.
Moreover, the law "On Personal Data" actually equates depersonalization of personal data to destruction. Thus, in accordance with paragraph 7 of Article 5 of the Law, the processed personal data must be destroyed or anonymized upon achieving the goals of processing or if achieving these goals is no longer necessary.
CT Consulting

Official Platinum Partner and Reseller of Salesforce in Russia and CIS countries

Salesforce Partner Since 2008
CT Consulting developed DFG152 as a unique toolset for depersonalization and storage of personal data. The solution has broad functionality, scalability, and is fully compliant with the legislation and personal data protection regulators.

DFG152 consists of 3 components:
  • A Reverse-Proxy module, that tracks process operation with personal data (can be replaced with a plugin)
  • A service for data storage and depersonalizing
  • Salesforce Managed Package, responsible for the DFG152 validation process from Salesforce
Development of organizational and administrative documentation on Data Protection
We provide necessary assistance to meet the requirements of the Federal Law "On Personal Data" regulating the organization of processing and protection of personal data, including:
  • Documentation development in full compliance with the requirements of the state regulatory bodies in the field of personal data and its protection;
  • Readiness for Roskomnadzor inspection
  • Expert consultations
Salesforce Partner Since 2008

Global implementation and deployment of corporate information systems

Why choose DFG152?

Easy handling
Licensing of activities for technical protection
The Company has a license for technical protection of confidential information, including the development of tools to protect confidential information
Innovative architecture
Compliance with the requirements of Federal Law "On Personal Data" (152-FZ) and the regulatory legal acts adopted pursuant to that Law with regard to the procedure of personal data anonymization
No additional equipment or software needed
Safe access to corporate resources from any location without violating the requirements on the territoriality of databases for Russian citizens
A reliable Russian integrator
successful projects in 68 countries worldwide
8 years
of successful work and unique experience

Send request for a connection

Please leave your email address and we will get back to you as soon as possible.

Thank you for your request!
We will be in touch with you shortly