Outsourcing personal data officer services
Outsourcing of personal data officer services may include:
- launching the personal data officer’s department;
- day-to-day control over compliance with internal processes and procedures;
- processing applications of personal data owners (complaints, inquiries);
- interacting with regulatory authorities;
- staff training.
Due diligence of processes and procedures
Conducting due diligences of internal processes and procedures related to the collection, use, storage and transfer of personal data, assessment of compliance with personal data laws, developing recommendations to eliminate any non-compliance found.
Developing and adopting policies and other documents, updating
Developing personal data policies and other internal documentation, such as:
- personal data law compliance policy;
- policy for accepting and processing applications from data owners;
- policy for eliminating non-compliance with personal data laws;
- data owners’ letters of consent;
- adapting foreign personal data practices in conformity with requirements of the Kazakhstan legislation;
- amending the policies or other documents as per the amendments to the Kazakhstan legislation.
Employee trainings on personal data law issues, and trainings on internal processes and procedures.
Implementation of procedures and control
Control over the implementation of procedures for the collection and processing of personal data, legal support during the implementation.
Providing legal advice on personal data matters
Legal support in the course of proceedings involving personal data violations, including representation before courts and state authorities
Frequently asked questions
Who should appoint a data protection officer?
Any legal entity regardless of its business area, if such entity collects and processes, at least, data of its employees, and candidates for vacant positions, personal data of its counterparties’ employees.
Who is a data protection officer?
An employee of a company, or a specialist who arranges personal data processing under a service contract. The main function of such data protection officer is to monitor the compliance of a company with the personal data legislation, as well as control over acceptance and processing of applications from data owners.
What are other functions of a data protection officer?
The Republic of Kazakhstan Law "On Personal Data and Its Protection" vests three statutory functions upon a data protection officer:
- to exercise internal control over the compliance of a company and its employees with the personal data laws of the Republic of Kazakhstan, including the requirements to the protection of personal data;
- inform the company’s employees about the personal data law provisions;
- control over the acceptance and processing of applications from data owners concerning withdrawal of their personal data, infringement of their rights, etc.
A list of functions may be expanded at the option of entrepreneurs.