Personal data regulation has always been an issue for foreign investors in Kazakhstan. Nevertheless, the local Government is advancing in this field of legislation to comply with the strict rules of protecting personal data prescribed by GDPR (General Data Protection Regulation).
The Alert specifies the most relevant amendments introduced into this area:
- Prior to the collection and processing of the personal data, the owner and/or operator must fill in the form to determine the list of data that is required to perform their tasks;
- Apart from the owner and operator, third parties are entitled to determine the list of individuals having access to the restricted personal data;
- The owner and/or operator must notify the Ministry of Digital Development, Innovation and Aerospace Industry on unlawful access incidents to restricted personal data;
- The personal data protection measures have been clarified in details. In particular:
- Division of personal data into restricted and publicly available;
- Establishment of the list of individuals collecting and processing personal data or having access to such data by the owner and/or operator and third parties;
- Identification of business processes that contains personal data;
- Appointment of the individual responsible for organisation on processing personal data (applicable to legal entities);
- Establishment of the procedure on access to personal data.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.