It is registered
Ministry of Justice
Republic of Uzbekistan
On November 15, 2023 No. 3477
of November 14, 2023 No. 19-mkh
About approval of the Standard procedure for the organization of activities of structural division or the authorized person of the owner and (or) operator of base of personal data providing personal data processing and their protection
According to the Law of the Republic of Uzbekistan "About personal data" PRIKAZYVAYU:
1. Approve the Standard procedure for the organization of activities of structural division or the authorized person of the owner and (or) operator of base of personal data providing personal data processing and their protection according to appendix.
2. This order becomes effective from the date of its official publication.
Minister of Justice
A.D.Tashkulov
Appendix
to the Order of the Minister of Justice of the Republic of Uzbekistan of November 14, 2023 No. 19-mkh
This Standard procedure determines procedure for the organization of activities of structural division (further - division) or the authorized person of the owner and (or) the operator of base of personal data providing personal data processing and their protection.
1. In this Standard procedure the following basic concepts are used:
personal data - the information fixed on electronic, paper and (or) other material medium relating to certain physical person or giving the chance of its identification;
the subject of personal data (subject) - physical person to which personal data belong;
base of personal data - the database in the form of information system containing personal data in the structure;
personal data processing - realization of one or sets of actions for collection, systematization, storage, change, amendment, use, provision, distribution, transfer, depersonalization and destruction of personal data;
the operator of base of personal data (operator) - state body, the physical and (or) legal entity performing personal data processing;
the owner of base of personal data (owner) - state body, the physical and (or) legal entity having right of possession, uses and orders of base of personal data;
the authorized person - the responsible person designated by the owner and (or) the operator, providing personal data processing and their protection;
division - the division consisting of two and more responsible persons designated by the owner and (or) the operator for ensuring personal data processing and their protection;
confidentiality of personal data - the mandatory requirement about inadmissibility of disclosure and distribution of personal data without the consent of the subject of personal data or availability of other legal cause;
blocking (restriction) of personal data - temporary suspension of personal data processing (except as specified when processing is necessary for refining of personal data).
2. The owner and (or) the operator creates division or designates the authorized person for ensuring personal data processing and their protection, proceeding from amount of tasks, the number of databases and extent of their automation.
3. The division or the authorized person carries out legal orders only of the owner and (or) the operator and is responsible just before the head of the owner and (or) the operator.
4. The division or the authorized person performs the activities according to the Law of the Republic of Uzbekistan "About personal data", other acts of the legislation in the field of personal data, the requirements of this Standard procedure and regulations approved by the owner and (or) the operator.
5. In case of transfer of the head and the staff of division or the authorized person for other work (in case of liquidation of division) or termination of the employment contract signed with them their right of access to the database is cancelled by the owner and (or) the operator in time no later than the last working day.
6. The main objectives of division or the authorized person are:
in case of personal data processing ensuring their protection, integrity and safety, and also maintaining confidentiality;
prevention of illegal personal data processing, blocking (restriction) of personal data in coordination with the owner and (or) the operator in case of identification of violation of the requirements established by the legislation;
the organization and coordination of information security policy for safety of base of personal data of the owner and (or) the operator;
the organization of seminars and trainings for the employees working with personal data;
in case of safety of base of personal data of the owner and (or) operator studying of the reasons of threats, and also development of offers and recommendations about elimination of the available shortcomings and to their prevention.
The division or the authorized person can carry out also other tasks according to acts of the legislation. At the same time the owner and (or) the operator shall provide that any tasks which are carried out by division or the authorized person did not lead to conflict of interest.
7. The division or the authorized person have the right:
it is temporary to suspend work of bases of personal data with the permission of the owner and (or) the operator before remedial action revealed in base of personal data;
address to the Agency of personalisation under the Ministry of Justice of the Republic of Uzbekistan for receipt of the corresponding recommendations of this Agency for any problems and (or) ambiguities arising in the course of work with personal data;
unrestricted access to the base of personal data which is available for the owner and (or) the operator for execution of the obligations;
obtain information from the owner and (or) the operator about the purposes of personal data processing.
The division or the authorized person can have also other rights according to the acts of the legislation and (or) regulations approved by the owner or the operator.
8. The division or the authorized person shall:
exercise internal control behind observance of acts of the legislation on personal data by employees of the owner and (or) operator;
carry out recurring inspections of base of personal data and activities of the employees working in this base and also to perform improvement of condition and practice of personal data processing;
organize destruction of personal data after storage duration of personal data or after goal achievement of their collection and processing;
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.