Request A Demo Login Now Sign up to DataGuidance Alerts DataGuidance DataPrivacy Index Cookie Consent Guide Data Protection Law & Policy Download a DataGuidance Brochure DataGuidance Videos


The transverse study performed by DataGuidance is particularly interesting and innovative as it enables one, at a glance, to obtain information on the obligations that lie with companies in terms of data breach in a large number of countries. Yet, very often, companies which are victims of a data breach are not subject to the breach in only one of the countries where they are set up, but in several countries. In such case, they must react extremely quickly notably in terms of informing control authorities if applicable. Having this transverse study, they will necessarily save precious time.
Florence Chafiol-Chaumont, Partner at August & Debouzy
RSS feed of this page Updated: 02/12/2013 
Sharing disabled by cookie consent preference.
Privacy This Week powered by DataGuidance

back to Privacy This Week

CIS: Kazakhstan privacy law now in force

Kazakhstani Law No. 94-V on Personal Data and its Protection ('the Law') came in force on 26 November 2013, imposing new data protection requirements and regulating the collection and processing of personal data, data subjects' rights, access and confidentiality requirements, data processing without data subject's consent and cross-border data transfer rules, among other things.

The Law defines 'personal data', 'database owner' and 'database operator' among others. The Law also stipulates that personal data may only be collected and processed for specific purposes. Furthermore, unless an exception applies, companies must obtain data subject's consent either in writing, within an electronic document with a verified digital signature or another method that meets Kazakhstan legal requirements.

It is not clear how data would be transferred internationally and stored in international servers.

The Law prohibits data transfers to countries that do not have an adequate level of personal data protection unless the consent of the individual is obtained.

''[T]here are some issues that the companies [will] face while trying to comply with the Law'', Azim Usmanov, Partner at Colibri Law Firm, told DataGuidance. ''These issues refer to territoriality of the Law; [lack of] availability of any other forms, except for written form [for obtaining consent]. Besides, it is not clear how the data would be transferred internationally and stored in international servers and how the international companies would bear administrative liability for failure to fulfill the requirements of the Law. The competent authority is also not stipulated by the Law.''

The Law also impacts several other laws in Kazakhstan, including the Civil Code, Labor Code, Code on Public Health and Health Care System and the Law on Informatisation.

Usmanov said, ''[C]ompanies [should] develop the special policy on protection of personal data, internal documents related to collection and processing of personal data as well as a written form [for obtaining individual's consent].''

© 2015 Cecile Park Publishing Ltd. All rights reserved

Sharing disabled by cookie consent preference.

Other News

© 2016 Cecile Park Publishing Ltd. Privacy Policy | Terms and Conditions | Sitemap
Address: 17 The Timber Yard, Drysdale Street, London, N1 6ND, UK | Phone: +44 (0)20 7012 1380 | Email: