of April 29, 2022 No. 144/Tax Code
About approval of Rules of functioning of the state service of access control to personal data
According to subitem 7-2) of Item 1 of article 27-1 of the Law of the Republic of Kazakhstan "About personal data and their protection" PRIKAZYVAYU:
1. Approve the enclosed Rules of functioning of the state service of access control to personal data.
2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan;
3) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1) and 2) of this Item.
3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.
4. This order becomes effective after ten calendar days after day of its first official publication.
Minister of digital development, innovations and aerospace industry of the Republic of Kazakhstan
B. Musin
Approved by the Order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of April 29, 2022 No. 144/Tax Code
1. These rules of functioning of the state service of access control to personal data (further – Rules) are developed according to subitem 7-2) of Item 1 of article 27-1 of the Law of the Republic of Kazakhstan "About personal data and their protection" (further – the Law) and determine procedure for functioning of the state service of access control to personal data.
2. In these rules the following basic concepts are used:
1) the SMS gateway of Single contact center "1414" – component of "the electronic government" for departure and acceptance of Sms;
2) the initiator – the information system initiating request for access to personal data;
3) verification token – the electronic key in the form of set of certain number of digits and letters intended for assurance of receipt of consent by the initiator and (or) operator from the subject of personal data;
4) personal data – the data relating to the subject of personal data determined or determined on their basis, fixed on electronic, paper and (or) other material medium;
5) the state service of access control to personal data (further – the state service) – the service providing information exchange of owners and (or) operators, the third parties with the subject of personal data and authorized body in case of access to the personal data containing in objects of informatization of state bodies and (or) the state legal entities including obtaining from the subject of personal data of consent to collection, personal data processing or their transfer to the third parties;
6) the owner of the base containing personal data (further – the owner) – the state body, the physical and (or) legal entity exercising right of possession, uses and orders of the base containing personal data according to the laws of the Republic of Kazakhstan;
7) the operator of the base containing personal data (further – the operator) – the state body, the physical and (or) legal entity performing collection, processing and personal data protection;
8) the safety token – the electronic key in the form of set of certain number of digits and letters in the JWT format intended for information security support of the user is also used for identification of its owner;
9) the subject of personal data (further – the subject) – physical person to which personal data belong;
10) authorized body in the field of personal data protection (further – authorized body) – the central executive body performing management in the field of personal data protection;
11) base of mobile citizens (further – BMG) – single base of subscriber numbers of cellular transmission network of users of "the electronic government";
12) the gateway of "the electronic government" (further – ShEP) – the information system intended for integration of objects of informatization of "the electronic government" with other objects of informatization of "the electronic government".
3. Functioning of the state service of access control to personal data is performed in case of automation of the following processes:
1) information exchange of owners and (or) operators, the third parties with the subject and authorized body in case of access to the personal data containing in objects of informatization of state bodies and (or) the state legal entities including obtaining from the subject of consent to collection, personal data processing or their transfer to the third parties;
2) provision by the subject or his legal representative of consent (failure) to collection and (or) personal data processing, the state bodies and (or) the state legal entities containing in objects of informatization;
3) response the subject or his legal representative of consent to collection and (or) personal data processing, the state bodies and (or) the state legal entities containing in objects of informatization;
4) the notification of the subject on actions with its personal data containing in objects of informatization of state bodies and (or) the state legal entities (access, viewing, change, amendment, transfer, blocking, destruction);
5) representation to the subject of information about the owners and (or) operators having the consent to collection and (or) processing of its personal data containing in objects of informatization of state bodies and (or) the state legal entities.
4. Process of gaining access to personal data is performed by two methods:
1) by means of sending by the initiator and (or) operator of request for access to personal data and receipt of the answer from the subject of the Sms via the SMS gateway of Single contact center "1414" about consent (failure) to collection and (or) personal data processing or their transfer to the third parties (further – the request/answer through Single contact center "1414");
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.