Law: AIFC Data Protection Regulations No. 10 of December 20, 2017 (AIFC Regulations) and the AIFC Data Protection Rules No. 1 of January 22, 2018 (AIFC Rules)

Regulator: Commissioner of Data Protection

Summary: The Astana International Financial Centre (AIFC) is a regional centre for business and finance, officially launched in 2018 in Kazakhstan. The AIFC has a special legal regime that applies to the financial sector and ensures personal data protection through the AIFC Data Protection Regulations No. 10 of December 20, 2017 (AIFC Regulations) and the AIFC Data Protection Rules No. 1 of January 22, 2018 (AIFC Rules). The Commissioner of Data Protection, as the supervisory regulator for privacy in the AIFC, is responsible for administrating the AIFC Regulations and Rules and for receiving processing notifications.

The AIFC Regulations closely align with the GDPR in that it provides the same key principles of personal data processing and mandates rules for the processing of sensitive personal data. There are, however, some differences with the GDPR, such as that the AIFC Regulations do not provide security requirements for processing sensitive personal data. Furthermore, the AIFC does not specify the right to data portability as one of the rights of the data subject. Finally, it is important to note that the Law of the Republic of Kazakhstan of 21 May 2013 No. 94-V on Personal Data and its Protection is applicable in the AIFC to the extent not regulated by the AIFC-specific data protection laws mentioned above.