Uzbekistan strengthened requirements for the protection of personal data

Cabinet of Ministers adopted a Decree "On approval of some legal acts in the field of processing personal data" No. 570 dated October 5, 2022.

The Decree approved the Regulation on determining the degree of protection of personal data during their processing (the “Regulation”). According to this Regulation:

• the owner and (or) the operator in the processing of personal data, based on the existing threats to their security, shall take organizational and technical measures to protect them;
• a threat to the security of personal data means a set of conditions and factors that could lead to unauthorized, including accidental access to the database, modification, filling, use, provision, dissemination, transfer, assignment, destruction, copying, as well as other unlawful acts;
• depending on the declaration in the system and practical database software threats are classified into 3 types;
• when processing personal data in database, there are 4 levels of data protection.

At the same time, in order to establish the levels of protection of personal data and during the processing of personal data in the database, specific conditions must be met.

This legal act will come into force on January 7, 2023.