Document from CIS Legislation database © 2003-2025 SojuzPravoInform LLC

I.O.'S ORDER OF THE MINISTER OF DIGITAL DEVELOPMENT, INNOVATIONS AND AEROSPACE INDUSTRY OF THE REPUBLIC OF KAZAKHSTAN

of August 9, 2024 No. 481/Tax Code

About approval of Rules of implementation of the notification of subjects of personal data on violation of safety of personal data

According to the Law of the Republic of Kazakhstan "About personal data and their protection", and also subitem 268-6) of Item 15 of the Regulations on the Ministry of the digital development, innovations and the aerospace industry of the Republic of Kazakhstan approved by the order of the Government of the Republic of Kazakhstan No. 501, I ORDER:

1. Approve the enclosed Rules of implementation of the notification of subjects of personal data about violation of safety of personal data according to appendix to this order.

2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan in the procedure established by the legislation of the Republic of Kazakhstan:

1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan after its official publication.

3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.

4. This order becomes effective after ten calendar days after day of its first official publication.

Acting minister of digital development, innovations and aerospace industry of the Republic of Kazakhstan

K. Tuleushin

Approved by the Order of the acting minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of August 9, 2024 No. 481/Tax Code

Rules of implementation of the notification of subjects of personal data about violation of safety of personal data

Chapter 1. General provisions

1. These rules of implementation of the notification of subjects of personal data on violation of safety of personal data (further - Rules) are developed according to the Law of the Republic of Kazakhstan "About personal data and their protection" (further - the Law), and also subitem 268-6) of Item 15 of the Regulations on the Ministry of the digital development, innovations and the aerospace industry of the Republic of Kazakhstan approved by the order of the Government of the Republic of Kazakhstan No. 501, and determine procedure of the notification of subjects of personal data on violation of safety of personal data.

2. In these rules the following basic concepts are used:

1) personal data - the data relating to the subject of personal data determined or determined on their basis, fixed on electronic, paper and (or) other material medium;

2) the base containing personal data (further - base) - set of the arranged personal data;

3) the owner of the base containing personal data (further - the owner), - the state body, the physical and (or) legal entity exercising right of possession, uses and orders of the base containing personal data according to the laws of the Republic of Kazakhstan;

4) the operator of the base containing personal data (further - the operator) - the state body, the physical and (or) legal entity performing collection, processing and personal data protection;

5) authorized body in the field of personal data protection (further - authorized body) - the central executive body performing management in the field of personal data protection;

6) violation of safety of personal data - the security violation of personal data which entailed illegal distribution, change and destruction, unauthorized distribution transferred, stored or otherwise the processed personal data or illegal access to them;

7) distribution of personal data - actions which making is resulted by transfer of personal data, including through mass media or provision of access to personal data any different way;

8) the subject of personal data (further - the subject) - physical person to which personal data belong;

9) the operator of information and communication infrastructure of "the electronic government" - the legal entity determined by the Government of the Republic of Kazakhstan to which ensuring functioning of the information and communication infrastructure of "the electronic government" assigned to it is assigned;

10) the user's office on the web portal of "the electronic government" - the web portal component of "the electronic government" intended for official information exchange of physical persons and legal entities with state bodies concerning rendering services electronically, to questions of the address to the subjects considering addresses of specified persons and also uses of personal data.

Other concepts used in these rules are applied according to the Law and the Law of the Republic of Kazakhstan "About informatization".

Chapter 2. The notification procedure of subjects of personal data about violation of safety of personal data

3. Within 1 (one) working day since the moment of detection of violation of safety of personal data the owner and (or) the operator notify authorized body on this violation with indication of the following information:

contact information of person responsible for the organization of personal data processing (in the presence);

the measures taken for violation elimination;

personal data of subjects necessary for the subsequent direction for them of the notification: surname, name, middle name (in case of its availability) and (or) individual identification number and (or) subscriber number of cellular communication.

4. The operational Information Security Center, service of response to incidents of information security, national coordination Information Security Center, industry Information Security Center, national service of response to computer incidents of information security, the state operational Information Security Center within the competence within one working day since the moment of detection of violation of safety of personal data by them notify authorized body on this violation with indication of the following information:

personal data of subjects necessary for the subsequent direction for them of the notification: surname, name, middle name (in case of its availability) and (or) individual identification number and (or) subscriber number of cellular communication;

necessary measures for personal data protection, including legal, organizational and technical.

5. The notification (notification) goes to authorized body in writing or in electronic form or method using elements of the protective actions which are not contradicting the Law.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.