Kazakhstan: Provisions on processing requirements and data protection authority enter into force
OneTrust DataGuidance confirmed, on 7 July 2020, with Damir Muratbekov, associate at Hellar Lomax, that Law of 25 June 2020 No. 347-VI on the Amendments and Regulation of Digital Technologies ('the Law') has come into force, following its signing into law by the President of Kazakhstan and official publication. In particular, the Law provides for the establishment of a data protection authority, which will carry out its competencies in the management of data protection supervision and enforcement and issue guidance and clarifications on matters arising in this field. Additionally, the Law introduces new data collection and processing requirements, such as the need for data to be collected and processed both with valid consent and through legitimate purposes. Furthermore, the Law provides that personal data which, in content or volume, does not adhere to such purposes, may not be subject to any processing.
Furthermore, the Law divides data into publicly available and restricted personal data, whereby publicly available data obtained without consent may be, at the request of the data subject, removed and deleted. Moreover, the Law also introduces the concept of anonymisation of data for the purposes of statistical, sociological, scientific, or marketing research.
You can access the Law, only available Kazakh, here.