Law: AIFC Data Protection Regulations No. 10 of December 20, 2017 (AIFC Regulations) and the AIFC Data Protection Rules No. 1 of January 22, 2018 (AIFC Rules)

Regulator: Commissioner of Data Protection

Summary: The Astana International Financial Centre (AIFC) is a regional centre for business and finance, officially launched in 2018 in Kazakhstan. The AIFC has a special legal regime that applies to the financial sector and ensure personal data protection through the AIFC Regulations and the AIFC Rules. The Commissioner of Data Protection, as the supervisory regulator for privacy in the AIFC, is responsible for administrating the AIFC Regulations and Rules and for receiving processing notifications.

The AIFC Regulations closely align with the General Data Protection Regulation (GDPR) in that they provide key principles of personal data processing and mandate rules for the processing of sensitive personal data. There are, however, some differences when compared with the GDPR, such as that the AIFC Regulations do not provide that security requirements for processing sensitive personal data. Furthermore, the AIFC Regulations do not specify the right to data portability as one of the rights of the data subject. Finally, it is important to note that the Law of the Republic of Kazakhstan of 21 May 2013 No. 94-V on Personal Data and its Protection is applicable in the AIFC to the extent processing is not regulated by the AIFC-specific data protection laws mentioned above.