A key requirement of the law on personal data is that all personal data of Russian citizens must be physically hosted in Russia. Cross-border data transfers are permitted, but a number of other requirements must be met, including obtaining the consent of the personal data subject. For example, let's say we want to process a Russian citizen's personal data using a globally distributed information system. To satisfy all the legal requirements, we would first have to collect and edit their personal data on a database hosted in Russia. Then, if necessary, we could pass this data to the parts of the system located outside of Russia, but only if we comply with the other conditions.
The law and its associated regulations also impose requirements on how data is processed and the technical protection of the information system, including the part located in Russia.