Who are some of the "personal data operators" and/or developers "ISPD", but can of Google employees here have analyzed the possibility of using GAE for storage/treatment of PD (full name, passport details, including registration at the place of residence and stay, phones, soap, IM) clients (natural persons) of legal entities/individual entrepreneurs (customer system) in the light of FZ-152?
What additional difficulties in comparison with such a system in LAN, developed in-house may arise for the customer and for the developer? But if the developer is to provide such a system to the customer as SaaS? Or use GAE at all, not really, because it is impossible to even test, not to mention to certify that the GAE infrastructure for compliance with FZ-152?
PS PD Treatment is not the main function of the system master — records, but other laws and regulations of the act require the customer to treat PD, and just a customer it is convenient to identify by name, not by, for example, order number or loyalty card.
P. P. S. there are different thoughts about the circumvention of the law, for example, to keep PD locally, and the rest in GAE, for example, in html5 localStorage, but as I understand it, there's a simple possibility to sync the localStorage or between different jobs of one user or between different users — maybe even some variant of the data exchange between users of the web face without the use of publicly available servers (and ideally without server data). Can store in vault PD GAE encrypted with keys stored locally?