Document from CIS Legislation database © 2003-2021 SojuzPravoInform LLC

ORDER OF THE GOVERNMENT OF THE REPUBLIC OF KAZAKHSTAN

of September 3, 2013 No. 909

About approval of Rules of implementation by the owner and (or) operator, and also the third party of measures for personal data protection

(as amended on 30-04-2021)

According to the subitem 4) of article 26 of the Law of the Republic of Kazakhstan of May 21, 2013 "About personal data and their protection" the Government of the Republic of Kazakhstan DECIDES:

1. Approve the enclosed Rules of implementation by the owner and (or) operator, and also the third party of measures for personal data protection.

2. This resolution becomes effective since November 25, 2013 and is subject to official publication.

Prime Minister of the Republic of Kazakhstan

S. Akhmetov

Approved by the Order of the Government of the Republic of Kazakhstan of September 3, 2013 No. 909

Rules of implementation by the owner and (or) operator, and also the third party of measures for personal data protection

Chapter 1. General provisions

1. These rules of implementation by the owner and (or) operator, and also the third party of measures for personal data protection (further – Rules) are developed according to the subitem 4) of article 26 of the Law of the Republic of Kazakhstan of May 21, 2013 "About personal data and their protection" (further – the Law) and determine procedure the owner and (or) the operator, and also the third party of measures for personal data protection.

2. In these rules the following basic concepts are used:

1) personal data – the data relating to the subject of personal data determined or determined on their basis, fixed on electronic, paper and (or) other material medium;

2) blocking of personal data – actions for the temporary termination of collection, accumulating, change, amendment, use, distribution, depersonalization and destruction of personal data;

3) collection of personal data – the actions directed to receipt of personal data;

4) destruction of personal data – actions as a result of which making it is impossible to recover personal data;

5) depersonalization of personal data – actions as a result of which making determination of accessory of personal data is impossible for the subject of personal data;

6) the base containing personal data (further – base), – set of the arranged personal data;

7) the owner of the base containing personal data (further – the owner), – the state body, the physical and (or) legal entity exercising right of possession, uses and orders of the base containing personal data according to the laws of the Republic of Kazakhstan;

8) the operator of the base containing personal data (further – the operator), – the state body, the physical and (or) legal entity performing collection, processing and personal data protection;

9) personal data protection – package of measures, including legal, organizational and technical, performed for the purpose of, established by the Law;

10) authorized body in the field of personal data protection – the central executive body performing management in the field of personal data protection;

11) personal data processing – the actions directed to accumulating, storage, change, amendment, use, distribution, depersonalization, blocking and destruction of personal data;

12) the subject of personal data (further – the subject) – physical person to which personal data belong;

13) public personal data – personal data or data to which according to the legislation of the Republic of Kazakhstan requirements of maintaining confidentiality, access to which is free with the consent of the subject, do not extend;

14) personal data of limited access – personal data, access to which is limited by the legislation of the Republic of Kazakhstan;

15) the third party – person which is not the subject, the owner and (or) the operator, but related circumstances or legal relationship on collection, processing and personal data protection;

16) electronic information resources – information in electronic and digital form containing on the electronic medium and in objects of informatization.

17) inspection of ensuring security of processes of storage, processing and distribution of the personal data of limited access containing in electronic information resources (further - inspection) - assessment of the applied security measures and protective actions when implementing processing, storage, distribution and personal data protection of limited access containing in electronic information resources.

Other concepts used in these rules are applied according to the Law and the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization".

Chapter 2. Procedure owner and (or) operator, and also third party of measures for personal data protection

3. The owner and (or) the operator, and also the third party shall take the necessary measures for personal data protection providing:

1) prevention of illegal access to personal data;

2) timely detection of the facts of illegal access to personal data if such illegal access did not manage to be prevented;

3) minimization of adverse effects of illegal access to personal data;

4) provision of access to the public technical service to the objects of informatization using, storing, processing and extending the personal data of limited access containing in electronic information resources for implementation of inspection according to the rules of implementation of inspection of ensuring security of processes of storage, processing and distribution of the personal data of limited access containing in electronic information resources, approved by authorized body.

4. Safety hazards of personal data are understood as set of the conditions and factors creating opportunity unauthorized including accidental, access to personal data in case of their collection and processing which result can become destruction, change, blocking, copying, unauthorized provision to the third parties, unauthorized distribution of personal data, and also other wrongful acts.

5. Personal data protection is performed by application of package of measures, including legal, organizational and technical, for the purpose of:

1) realization of the rights to personal privacy, personal and family secret;

2) ensuring their integrity and safety;

3) respect for their confidentiality;

4) realization of the right to access to them;

5) prevention of their illegal collection and processing.

6. Obligations of the owner and (or) the operator, and also the third party on personal data protection arise from the moment of collection of personal data and are effective until their destruction or depersonalization.

7. It is necessary for ensuring personal data protection:

1) selection of the business processes containing personal data;

2) separation of personal data on public and limited access;

3) determination of the list of the persons which are performing collection and personal data processing or having to them access;

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.