Law: Law of 7 May 2021 No. 99-Z on Personal Data Protection

Regulator: The Presidential Edict No. 422 dated 28 October 2021 established the National Data Protection Center in Belarus. In addition, general governance in the sphere of information protection is performed by the President of the Republic of Belarus and the Council of Ministers of the Republic of Belarus.

Summary: The Law of May 7, 2021 No. 99-Z on Personal Data Protection (the PDP Law) was passed by the House of Representatives of the National Assembly of the Republic of Belarus on April 2, 2021 and was signed into law by the President on May 7, 2021, before entering into effect on November 15, 2021.

Notably, the PDP Law follows many of the same basic principles as the GDPR and aims to introduce purpose limitation and data minimisation principles, provisions on consent and cross-border transfers, as well as a number of obligations for operators, including data breach and security requirements.

The National Data Protection Center (NDPC) functions as the data protection authority in Belarus, although general governance in the sphere of information protection is performed by the President of the Republic of Belarus (the President) and the Council of Ministers of the Republic of Belarus (the Council of Ministers).

In addition to the PDP Law, the Law of November 10, 2008 No. 455-Z on Information, Informatization and Protection of Information (the Law on Information) provides a regulatory framework on the collection, storage, usage, processing, and transfer of data in Belarus.