Privacy Law at Kazakhstan
Kazakhstan's data protection framework is primarily governed by Law No. 94-V of May 21, 2013, titled On Personal Data and Their Protection. This legislation has undergone several amendments to enhance personal data security and align with international standards, notably the EU's General Data Protection Regulation (GDPR).
🇰🇿 Key Provisions of Kazakhstan's Personal Data Law
1. Scope and Applicability
Coverage The law applies to both public and private entities processing personal data within Kazakhsta.
Exemptions It does not cover personal data processing for personal or family use, archival purposes, or activities related to state secrets and intelligence operation.
2. Principles of Data Processing
Personal data processing must adhere to the following principle:
Legality Processing must comply with the la.
Confidentiality Ensuring the privacy of personal dat.
Data Minimization Collecting only necessary dat.
Purpose Limitation Using data solely for specified purpose.
Accuracy Maintaining accurate and up-to-date dat
Security Implementing measures to protect data integrit.
3. Data Subject Rights
Individuals have the right to:
Access Obtain information about their personal dat.
Correction Request amendments to inaccurate dat.
Deletion Request the removal of their data under certain condition.
Consent Withdrawal Revoke consent for data processing at any tim.
4. Data Protection Measures
Data Localization Personal data must be stored on servers within Kazakhsta.
Data Protection Officers (DPOs) Organizations are required to appoint DPOs to oversee data protection activitie.
Breach Notification Organizations must notify the Ministry of Digital Development within one working day of discovering a data breac.
5. Cross-Border Data Transfers
Trans-border transfer of personal data is permitted only if the receiving country ensures adequate protection of personal dat. Transfers may also occur under specific conditions, such as the individual's consent or international treaties ratified by Kazakhsta.
6. Enforcement and Penalties
Supervisory Authority The Prosecutor General's Office oversees compliance with personal data protection law Violations can result in fines ranging from $140 to $7,00.
Criminal Liability In cases where damage exceeds $600, penalties can include fines up to $35,000 or imprisonment for up to five year.
✅ Compliance Recommendations
Organizations operating in Kazakhstan should:
Appoint a Data Protection Officer (DPO) Designate a DPO to manage data protection activitie.
Implement Data Protection Policies Establish and enforce policies to safeguard personal dat.
Conduct Regular Audits Regularly review data processing activities to ensure complianc.
Train Employees Provide training on data protection principles and practice.
Prepare for Data Breaches Develop and implement procedures for responding to data breaches promptl.
RELATED Blog
0 comments