Personal data security: What Kazakhstanis should know about their rights

For Kazakhstani people to#nbsp;be#nbsp;confident that their data is#nbsp;protected when using services, it#nbsp;is#nbsp;necessary to#nbsp;take into account many criteria, including national legislative norms, which were described by#nbsp;Anna Batalova, lawyer, IT#nbsp;company BTS Digital, especially for the Telegram-channel Q-channel

1. Transparency
Study legal documents such as#nbsp;the User Agreement and Privacy Policy. These documents shed light on#nbsp;the company’s data collection, use, storage, and protection approach.

2. Purpose of#nbsp;data collection
The service provider should clearly state why personal data is#nbsp;collected and processed. According to#nbsp;Kazakhstan’s data protection laws, data must be#nbsp;collected for specific and legitimate purposes.

3. Data storage and retention
Storing personal data in#nbsp;secure databases within Kazakhstan, as#nbsp;stipulated for specific industries, is#nbsp;mandatory. Data retention periods and storage rules should be#nbsp;clearly defined.

4. Consent
Kazakhstani legislation pays special attention to#nbsp;obtaining users' consent to#nbsp;collect and process data in#nbsp;the prescribed form. This means that it#nbsp;is#nbsp;necessary to#nbsp;comply with all formalities that the legislator has laid down

5. Third-party sharing and cross-border transfers
Information on#nbsp;the sharing or#nbsp;transferring personal data to#nbsp;third parties or#nbsp;outside Kazakhstan must be#nbsp;specified. The legislator establishes straightforward ways of#nbsp;such data transfer.

6. Withdrawal of#nbsp;consent
Users should be#nbsp;able to#nbsp;easily withdraw their consent, which is#nbsp;a#nbsp;right under Kazakhstan’s data protection rules.

7. Data protection measures
The service provider should implement strong data protection measures such as#nbsp;encryption, regular security audits, and two-factor authentication.

8. Rights of#nbsp;Data Subjects
Users must be#nbsp;informed of#nbsp;their rights following Kazakhstan’s legal framework.

9. Oversight and reporting: Organizations should have mechanisms to#nbsp;detect, report, and take appropriate action on#nbsp;data breaches following Kazakhstan’s data breach notification requirements.

10. Data Protection Officer (DPO)
Each owner (or#nbsp;operator) of#nbsp;personal data should appoint a#nbsp;person responsible for organizing the processing of#nbsp;personal data in#nbsp;case the owner and (or) operator are legal entities.

Users should proactively contact the service provider’s support team if#nbsp;any of#nbsp;the above points need clarification. And suppose there are any doubts about working with personal data. In#nbsp;that case, Kazakhstanis can and should contact the Information Security Committee under the Ministry of#nbsp;Digital Development, Innovation and Aerospace Industry of#nbsp;the Republic of#nbsp;Kazakhstan via the E-otinish system.

Awareness is#nbsp;the first line of#nbsp;defense against data leakage or#nbsp;misuse. Users can ensure their privacy is#nbsp;respected and preserved by#nbsp;knowing and understanding the protections and their rights.


Link to#nbsp;original publication: https://t.me/qchannelkz/3913 and https://t.me/qchannelkz/3914