PERSONAL DATA

Outsourcing personal data officer services

Outsourcing of personal data officer services may include:

- launching the personal data officer’s department; 

- day-to-day control over compliance with internal processes and procedures;

- processing applications of personal data owners (complaints, inquiries);

- interacting with regulatory authorities; 

- staff training.  

Due diligence of processes and procedures

Conducting due diligence of internal processes and procedures related to the collection, use, storage and transfer of personal data, assessing compliance with personal data laws, and developing recommendations to eliminate any non-compliance found.

Developing, adopting and updating policies and other documents

Developing personal data policies and other internal documentation, such as:

- personal data privacy policy;

- personal data law compliance policy; 

- policy for accepting and processing applications from data owners;  

- policy for eliminating non-compliance with personal data laws;

- data owners’ letters of consent;

- adapting foreign personal data practices to conform with the requirements of Kazakhstan legislation;

- amending the policies or other documents in line with amendments to Kazakhstan legislation.

Training

Employee training on personal data law issues and on internal processes and procedures.

Implementation of procedures and control

Control over the implementation of procedures for the collection and processing of personal data, and legal support during the implementation.

Providing legal advice on personal data matters

Representation

Legal support in the course of proceedings involving personal data violations, including representation before courts and state authorities.

Frequently asked questions

Who should appoint a data protection officer?

Any legal entity, regardless of its business area, if it collects and processes at least the data of its employees and of candidates for vacant positions, as well as personal data of its counterparties’ employees.

Who is a data protection officer?

An employee of a company, or a specialist who arranges personal data processing under a service contract. The main function of such a data protection officer is to monitor the company’s compliance with personal data legislation and to control the acceptance and processing of applications from data owners.

What are other functions of a data protection officer?

The Republic of Kazakhstan Law "On Personal Data and Its Protection" vests three statutory functions in a data protection officer:

- to exercise internal control over the compliance of a company and its employees with the personal data laws of the Republic of Kazakhstan, including the requirements for the protection of personal data;

- to inform the company’s employees about the personal data law provisions;

- to control the acceptance and processing of applications from data owners concerning withdrawal of their personal data, infringement of their rights, etc.

The list of functions may be expanded at the option of entrepreneurs.