of August 9, 2024 No. 481/Tax Code
About approval of Rules of implementation of the notification of subjects of personal data on violation of safety of personal data
According to the Law of the Republic of Kazakhstan "About personal data and their protection", and also subitem 268-6) of Item 15 of the Regulations on the Ministry of the digital development, innovations and the aerospace industry of the Republic of Kazakhstan approved by the order of the Government of the Republic of Kazakhstan No. 501, I ORDER:
1. Approve the enclosed Rules of implementation of the notification of subjects of personal data about violation of safety of personal data according to appendix to this order.
2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan in the procedure established by the legislation of the Republic of Kazakhstan:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan after its official publication.
3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.
4. This order becomes effective after ten calendar days after day of its first official publication.
Acting minister of digital development, innovations and aerospace industry of the Republic of Kazakhstan
K. Tuleushin
Approved by the Order of the acting minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of August 9, 2024 No. 481/Tax Code
1. These rules of implementation of the notification of subjects of personal data on violation of safety of personal data (further - Rules) are developed according to the Law of the Republic of Kazakhstan "About personal data and their protection" (further - the Law), and also subitem 268-6) of Item 15 of the Regulations on the Ministry of the digital development, innovations and the aerospace industry of the Republic of Kazakhstan approved by the order of the Government of the Republic of Kazakhstan No. 501, and determine procedure of the notification of subjects of personal data on violation of safety of personal data.
2. In these rules the following basic concepts are used:
1) personal data - the data relating to the subject of personal data determined or determined on their basis, fixed on electronic, paper and (or) other material medium;
2) the base containing personal data (further - base) - set of the arranged personal data;
3) the owner of the base containing personal data (further - the owner), - the state body, the physical and (or) legal entity exercising right of possession, uses and orders of the base containing personal data according to the laws of the Republic of Kazakhstan;
4) the operator of the base containing personal data (further - the operator) - the state body, the physical and (or) legal entity performing collection, processing and personal data protection;
5) authorized body in the field of personal data protection (further - authorized body) - the central executive body performing management in the field of personal data protection;
6) violation of safety of personal data - the security violation of personal data which entailed illegal distribution, change and destruction, unauthorized distribution transferred, stored or otherwise the processed personal data or illegal access to them;
7) distribution of personal data - actions which making is resulted by transfer of personal data, including through mass media or provision of access to personal data any different way;
8) the subject of personal data (further - the subject) - physical person to which personal data belong;
9) the operator of information and communication infrastructure of "the electronic government" - the legal entity determined by the Government of the Republic of Kazakhstan to which ensuring functioning of the information and communication infrastructure of "the electronic government" assigned to it is assigned;
10) the user's office on the web portal of "the electronic government" - the web portal component of "the electronic government" intended for official information exchange of physical persons and legal entities with state bodies concerning rendering services electronically, to questions of the address to the subjects considering addresses of specified persons and also uses of personal data.
Other concepts used in these rules are applied according to the Law and the Law of the Republic of Kazakhstan "About informatization".
3. Within 1 (one) working day since the moment of detection of violation of safety of personal data the owner and (or) the operator notify authorized body on this violation with indication of the following information:
contact information of person responsible for the organization of personal data processing (in the presence);
the measures taken for violation elimination;
personal data of subjects necessary for the subsequent direction for them of the notification: surname, name, middle name (in case of its availability) and (or) individual identification number and (or) subscriber number of cellular communication.
4. The operational Information Security Center, service of response to incidents of information security, national coordination Information Security Center, industry Information Security Center, national service of response to computer incidents of information security, the state operational Information Security Center within the competence within one working day since the moment of detection of violation of safety of personal data by them notify authorized body on this violation with indication of the following information:
personal data of subjects necessary for the subsequent direction for them of the notification: surname, name, middle name (in case of its availability) and (or) individual identification number and (or) subscriber number of cellular communication;
necessary measures for personal data protection, including legal, organizational and technical.
5. The notification (notification) goes to authorized body in writing or in electronic form or method using elements of the protective actions which are not contradicting the Law.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.