Support Centre

CIS

Insights

The interest of business, especially foreign investors, in the Astana International Financial Centre (AIFC) has been growing steadily over the past years. In the framework of the AIFC, Kazakhstan has, for the first time in the post-Soviet space, introduced a special jurisdiction based on the principles of the laws of England and Wales. The AIFC aims to attract investments to the Kazakhstan economy, develop local capital markets, and create effective projects in the sphere of production and services. As of February 7, 2024, 2,537 companies are registered in the AIFC.1 The regulatory framework of the AIFC has been actively developing. In this article, Yekaterina Khamidullina, Partner at AEQUITAS Law Firm, considers the legal regulation of personal data protection in the AIFC, the basis of which is formed by the AIFC Data Protection Regulations (the Regulations) and the AIFC Data Protection Rules.

The Law of the Republic of Uzbekistan of July 2, 2019 No. ЗРУ-547 on Personal Data (Personal Data Law) (only available in Russian here) is the main law that governs the processing, protection, and requirements related to personal data. While the Personal Data Law establishes general principles of personal data protection and processing, the Uzbek legal system relies on additional regulations to provide more detailed guidelines.

In this context, Resolution No. 570 (the Resolution), approved by the Cabinet of Ministers on October 5, 2022, plays a crucial role in specifying how the protection of personal data must be ensured. In this Insight article, Abdumalik Mukhtorov and Azizbek Suyunboev, from Azizov & Partners Firm of Advocates, aim to shed light on the interplay between the requirements outlined in these two Regulations and the provisions of the Personal Data Law.

Data protection is becoming increasingly important in all jurisdictions, including Belarus. As the financial sector expands its services, certain requirements and risks related to the processing of personal data of participants in financial transactions also increase.

In this Insight article, Alena Potorskaya and Yulia Burmistrova, from REVERA law group, consider the specifics of personal data processing in the financial sector in Belarus.

Russian employment legislation does not provide for clear guidance on permitted or prohibited practices of employee monitoring. The dos and don'ts are formed by various laws and regulatory acts, as well as enforcement practice, which altogether allows the employer to build a system of employee monitoring. Natalia Gulyaeva and Alla Gorbushina, from Hogan Lovells, provide a breakdown of employee monitoring and the legislation applicable to this.

On 22 April 2022, the National Centre for Personal Data Protection ('NCPDP') approved the standard contract for the cross-border transmission of personal data to states that do not ensure an adequate level of personal data protection. Roger Gladei, Iulian Pașatii, and Irina Culinschi, from Gladei & Partners, look at Standard Contractual Clauses ('SCCs'), their main clauses, and challenges of this newly established data transfer regime.

Russia's privacy landscape is set to change on 1 September 2022, with the entry into force of the Federal Law of 14 July 2022 No. 266-FZ on Amending the Federal Law on Personal Data ('the Amendment Law'). Amending the Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('the Law on Personal Data'), the Amendment Law introduces new provisions which will enhance data protection for Russian citizens. It also imposes stricter obligations on domestic and foreign data operators in terms of how they interact with data subjects and vendors and, more importantly, how they demonstrate and document their compliance generally and specifically in the case of data transfers. OneTrust DataGuidance breaks these new provisions down, highlighting the key differences between the existing law.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Federal Law of 27 July 2006 No. 152-FZ on Personal Data (the Law on Personal Data).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Law on Personal Data with the  GDPR.

You can access the latest version of the report here.

Feedback