In brief
Various amendments were introduced into the legislation regarding personal data:
- Several changes affected the Law on "On personal data and their protection"¹
- A list of personal data is approved by Minister of Digital Development, Innovation and Aerospace Industry²
In detail
Law No. 347 VI provides for the following significant changes to the Law (dated May 21, 2013) "On personal data and their on their protection":
- Empowerment of the Ministry of Digital Development of Innovations and Aerospace Industry with the competence of an authorized body in the field of collection, processing and protection of personal data. The law provides for the main competences of the authorized body, including to³:
- develop a procedure for the implementation of measures to protect personal data of individuals;
- consider applications by individuals on the compliance of the content of personal data and methods of their processing with the purposes of their processing;
- take measures to hold persons accountable for violation of the legislation on personal data;
- approve the rules for the collection, processing of personal data, etc.
- A new term “service for ensuring the security of personal data” is introduced into the Law. Consent to the collection, processing of personal data will be obtained through the system “service for ensuring the security of personal data”, together with other mechanisms prescribed by the law.
- Introduction of the principles of personal data processing , which limit the processing of personal data depending on its purpose, including:
- the processing of personal data is limited to the achievement of specific, predetermined and legal purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed.
- personal data, the content and volume of which are excessive in relation to the purposes of their processing, are not subject to processing.
- Introduction of norms to regulate the activities of operators of personal data including to:
- provide free access to the individual to familiarize himself with the personal data related to him/her;
- appoint a person responsible for organizing the processing of personal data if the owner and (or) operator are legal entities. The main responsibilities of such a person are also defined.
- Introduction of voluntary cyber insurance as an additional measure for protecting personal data. The purpose is to compensate for damage caused to the subject, owner and (or) operator, third party.
On August 5, 2020, the Order of the acting Minister of Digital Development, Innovation and Aerospace Industry (dated July 29, 2020 No. 278 / НҚ) was published, according to which the Minister of Digital Development, Innovation and Aerospace Industry has developed its own list of personal data necessary and sufficient for the performance of its tasks.
The document can be found at the following link: online.zakon.kz
¹ On 25 June the President of the RK signed the Law No. 347 VI "On Amendments and Additions to Certain Legislative Acts of the RKon the Regulation of Digital Technologies".
² On August 5, 2020, the Order of the acting Minister of Digital Development, Innovation and Aerospace Industry of the RK dated July 29, 2020 No. 278 / НҚ was published.
³ Paragraph 28.10 of the Law of the Republic of Kazakhstan dated June 25, 2020 No. 347 VI "On amendments and additions to some legislative acts of the Republic of Kazakhstan on the regulation of digital technologies"
Sign-up: Tax & Legal Alert
If you are interested in additional information, please contact us.
Contact us
