The Parliament of the Republic of Kazakhstan is considering a draft law of the Republic of Kazakhstan 'On the Introduction of Amendments to Some Legislative Acts of the Republic of Kazakhstan on the Regulation of Digital Technologies' (hereinafter - the 'Draft Law').
The Draft Law introduces a number of amendments to the Law of the Republic of Kazakhstan, dated 21 May 2013, 'On Personal Data and Protection Thereof' (hereinafter – the 'Law'). Main changes to the Law are summarised below.
Competent Authority for Personal Data Protection
The Draft Law proposes to introduce the concept of a competent authority for personal data protection (hereinafter - the 'Competent Authority'). This body is defined as the central executive authority managing in the area of personal data protection. Its competence will include, inter alia:
We believe that the creation of the Competent Authority should lead to increased control over the activities of persons involved in the collection and processing of personal data.
Leila Makhmetova
Counsel
Ph. +7 701 221 90 16
Email: lmakhmetova@gratanet.com
Zarina Malikova
Lawyer
Ph. + 7 747 141 05 33
Email: zmalikova@gratanet.com
____________________________________
[1] The owner of the personal database (hereinafter - the 'Owner') means a state authority, individual and(or) legal entity that, in accordance with the laws of the Republic of Kazakhstan, exercise the right to own, use and dispose of the database containing personal data.
[2] Operator of the database containing personal data (hereinafter - the 'Operator') means the state authority, individual and(or) legal entity engaged in the collection, processing and protection of personal data.
[3] Third party means a person, which is not the Subject, Owner and(or) Operator, but is connected therewith by legal circumstances or relations for the collection, processing and protection of the personal data.
[4] Personal Data Subject (hereinafter - the 'Subject') means an individual, to whom the personal data refers.