Data Protection and Employee Privacy in Azerbaijan

Data Protection and Employee Privacy in Azerbaijan

1) What laws in Azerbaijan regulate the protection of employee personal data, and how do they compare to international standards?

The protection of employee personal data in Azerbaijan is regulated by the following main legislative acts:

1. The Labor Code of the Republic of Azerbaijan, approved by the Law of the Republic of Azerbaijan #618-IQ dated February 1, 1999.

2. The Law of the Republic of Azerbaijan “On personal data” #998-IIIQ dated May 11, 2010.

3. The Law of the Republic of Azerbaijan “On biometric information” #651-IIIQ dated June 13, 2008.

4. The Law of the Republic of Azerbaijan “On access to information” #1024-IIQ dated September 30, 2005.

The legislation of the Republic of Azerbaijan in the field of personal data generally aligns with international standards by establishing fundamental protection measures for personal data, but it is less developed compared to more comprehensive regulations such as the GDPR.

2) What types of employee personal data are typically protected under labor laws?

According to Article 2.1.1 of the Law “On Personal Data”, personal data is any information that allows to directly or indirectly identify an individual. Personal data are subject to protection from the moment of their collection, and for this purpose they are divided into confidential and public categories depending on the type of access (receipt). The personal data of the public category includes data anonymized in accordance with the established procedure, disclosed by the subject or entered with his/her consent into information systems created for public use. Personal data of the confidential category are subject to protection by the owners, operators and users who have obtained the right of access to this data.

The Law also distinguishes personal data of specific category - information related to race or nationality, family life, religious beliefs, health or convictions.

3) How to ensure compliance with personal data protection legislation when transferring employee personal data to third parties (e.g., contractors, partners)?

Pursuant to Article 13.1 of the Law  “On Personal Data”, transfer of personal data by third parties to the owner or operator, as well as the transfer of personal data by the latter to any third parties, is allowed only with the written consent of the subject, except in cases provided for by law.

Article 88.2 of the Labor Code also provides that an employer may transfer data on an employee's identity or employment history to another employer or relevant authority, as well as to other places only upon their written request and with the employee's consent.

4) In what form is consent obtained for the processing of employees' personal data?

In a written form, in the form of an electronic document with an enhanced electronic signature or written data provided by the subject (employee) him/herself.

5) What personal data of employees may not be requested and processed by the employer?

Except where it is required by law, the collection and processing of confidential personal data and personal data of specific category is prohibited without the written consent of the data subject (in this case, the employee).

6) What are the consequences of violating employee data protection laws?

Violation of the requirements of the legislation on personal data shall entail administrative liability in accordance with the Code of Administrative Offenses of the Republic of Azerbaijan.

Author: Nargis Tagiyeva

Azerbaijan
Employment Data Protection & Privacy