Personal data security: What Kazakhstanis should know about their rights
2023-09-01 09:13
In#nbsp;today’s digital age, ensuring personal data security and confidentiality is#nbsp;paramount. Kazakhstan has established special legislative requirements for the protection of#nbsp;information.
For Kazakhstani people to#nbsp;be#nbsp;confident that their data is#nbsp;protected when using services, it#nbsp;is#nbsp;necessary to#nbsp;take into account many criteria, including national legislative norms, which were described by#nbsp;Anna Batalova, lawyer, IT#nbsp;company BTS Digital, especially for the Telegram-channel Q-channel
1. Transparency Study legal documents such as#nbsp;the User Agreement and Privacy Policy. These documents shed light on#nbsp;the company’s data collection, use, storage, and protection approach.
2. Purpose of#nbsp;data collection The service provider should clearly state why personal data is#nbsp;collected and processed. According to#nbsp;Kazakhstan’s data protection laws, data must be#nbsp;collected for specific and legitimate purposes.
3. Data storage and retention Storing personal data in#nbsp;secure databases within Kazakhstan, as#nbsp;stipulated for specific industries, is#nbsp;mandatory. Data retention periods and storage rules should be#nbsp;clearly defined.
4. Consent Kazakhstani legislation pays special attention to#nbsp;obtaining users' consent to#nbsp;collect and process data in#nbsp;the prescribed form. This means that it#nbsp;is#nbsp;necessary to#nbsp;comply with all formalities that the legislator has laid down
5. Third-party sharing and cross-border transfers Information on#nbsp;the sharing or#nbsp;transferring personal data to#nbsp;third parties or#nbsp;outside Kazakhstan must be#nbsp;specified. The legislator establishes straightforward ways of#nbsp;such data transfer.
6. Withdrawal of#nbsp;consent Users should be#nbsp;able to#nbsp;easily withdraw their consent, which is#nbsp;a#nbsp;right under Kazakhstan’s data protection rules.
7. Data protection measures The service provider should implement strong data protection measures such as#nbsp;encryption, regular security audits, and two-factor authentication.
8. Rights of#nbsp;Data Subjects Users must be#nbsp;informed of#nbsp;their rights following Kazakhstan’s legal framework.
9. Oversight and reporting: Organizations should have mechanisms to#nbsp;detect, report, and take appropriate action on#nbsp;data breaches following Kazakhstan’s data breach notification requirements.
10. Data Protection Officer (DPO) Each owner (or#nbsp;operator) of#nbsp;personal data should appoint a#nbsp;person responsible for organizing the processing of#nbsp;personal data in#nbsp;case the owner and (or) operator are legal entities.
Users should proactively contact the service provider’s support team if#nbsp;any of#nbsp;the above points need clarification. And suppose there are any doubts about working with personal data. In#nbsp;that case, Kazakhstanis can and should contact the Information Security Committee under the Ministry of#nbsp;Digital Development, Innovation and Aerospace Industry of#nbsp;the Republic of#nbsp;Kazakhstan via the E-otinish system.
Awareness is#nbsp;the first line of#nbsp;defense against data leakage or#nbsp;misuse. Users can ensure their privacy is#nbsp;respected and preserved by#nbsp;knowing and understanding the protections and their rights.