Law:  Law of the Kyrgyz Republic of 14 April 2008 No. 58 on Personal Information as amended by the Law of the Kyrgyz Republic of 20 July 2017 No. 129 (only available in Kyrgyz here and Russian here) (the Law on Personal Data)

Regulator: State Agency for Protection of Personal Data (the Agency)

Summary: On April 14, 2008, the Law of the Kyrgyz Republic on Personal Data No. 58 on Personal Information as amended (only available in Kyrgyz here and Russian here) (the Law on Personal Data) came into effect, outlining general requirements on both data controllers and processors, as well as specifying data subject rights and data transfers. The Law on Personal Data has been amended since its introduction, first on July 20, 2012, by Law No. 129 (only available in Kyrgyz here) and the most recent amendment, No. 142 on November 29, 2021.

Additionally, relevant laws such as the Constitution of the Kyrgyz Republic (only available in Kyrgyz here and Russian here) prohibits the collection, storage, use, and dissemination of confidential and private life information without consent. The Criminal Code of the Kyrgyz Republic No. 127 of October 28, 2021 (only available in Russian here and Kyrgyz here) remains applicable in addressing violations of the right to private life.

Notably, on September 14, 2021, the State Agency for Protection of Personal Data (the Agency) was created by virtue of Decree No. 391 dated as of September 14, 2021 (only available in Kyrgyz here and Russian here), as the Regulator for data protection. Among the functions of the Agency is to develop and implement a unified national policy in the field of personal information and to perform functions to ensure the protection of the rights of personal data subjects.