Kazakhstan

Summary

Law: Law of the Republic of Kazakhstan of 21 May 2013 No. 94-V on Personal Data and its Protection (the Personal Data Law) and Law on Amendments and Additions to Some Legislative Acts of the Republic of Kazakhstan on the Regulation of Digital Technologies (only available in Kazakh here) (the Amendment Law)

Regulator: The Government of the Republic of Kazakhstan (the Government) and state bodies, notably the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan (MDAI), have specific competence in the area of personal data.

Summary: On May 21, 2013, the Law on Personal Data and its Protection No. 94-V (the Personal Data Law) came into effect, establishing itself as the primary legal framework governing personal data in the Republic of Kazakhstan. This law provides general regulations for the collection and processing of personal data, including extensive requirements for data localization. In addition, the Constitution of the Republic of Kazakhstan (the Constitution) also forms part of Kazakhstan's data protection framework by guaranteeing the right to personal and family privacy.

Furthermore, in July 2020, the Law on Amendments and Additions to Some Legislative Acts of the Republic of Kazakhstan on the Regulation of Digital Technologies (only available in Kazakh here) (the Amendment Law) was introduced, which significantly expands the data protection obligations for organizations. Among other provisions, the Amendment Law introduces additional requirements for data collection and processing, outlines obligations for data operators (similar to data processors), and redefines key concepts. Additionally, the Amendment Law delineates the competence of the data protection authority, specifying its powers and role.

Notably, the Amendment Law establishes a recourse mechanism in case personal data is illegally collected, processed, or disclosed. It also outlines penalties that can be imposed on individuals and organizations failing to comply with the provisions set out in the law.

Browse more jurisdictions:

Astana International Financial Centre

Browse more content in Kazakhstan

All Guidance Notes

All News

All Insights

News

04 April 2024

Kazakhstan: MDAI publishes cybersecurity issues report with recommendations for public, professionals, and businesses

06 September 2021

Kazakhstan: Mazhilis announces proposal of new AML/CFT bill

13 April 2021

Kazakhstan: MDAI publishes proposed amendments to data protection laws for public consultation

24 November 2020

Kazakhstan: MDAI approves rules for the collection and processing of personal data

30 September 2020

Kazakhstan: Financial Regulator publishes approved methodology for assessing risks of critical information systems

07 September 2020

Kazakhstan: MDAI releases statement prompting citizens to report illegal disclosure of personal data to initiate investigations

08 July 2020

Kazakhstan: Provisions on processing requirements and data protection authority enter into force

03 July 2020

Kazakhstan: President signs digital regulation amendment law establishing data protection authority

30 April 2020

Kazakhstan: Mazhilis approves digital technology bill on second reading

15 April 2020

Kazakhstan: State of emergency decree requires the use of mobile applications for quarantine measures

20 March 2020

Kazakhstan: Mazhilis passes digital technology regulation bill at first reading

12 February 2020

Kazakhstan: MDAI announces introduction of draft law on digital technologies to Lower House

Insights

March 2024

Kazakhstan: Legal regulation of personal data protection in the AIFC

The interest of business, especially foreign investors, in the Astana International Financial Centre (AIFC) has been growing steadily over the past years. In the framework of the AIFC, Kazakhstan has, for the first time in the post-Soviet space, introduced a special jurisdiction based on the principles of the laws of England and Wales. The AIFC aims to attract investments to the Kazakhstan economy, develop local capital markets, and create effective projects in the sphere of production and services. As of February 7, 2024, 2,537 companies are registered in the AIFC.¹ The regulatory framework of the AIFC has been actively developing. In this article, Yekaterina Khamidullina, Partner at AEQUITAS Law Firm, considers the legal regulation of personal data protection in the AIFC, the basis of which is formed by the AIFC Data Protection Regulations (the Regulations) and the AIFC Data Protection Rules.

Kazakhstan

Summary

Browse more jurisdictions:

Browse more content in Kazakhstan

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us