On approval of the Rules for determining the list of personal data by owner and (or) operator necessary and sufficient for fulfillment of their tasks

Invalidated Unofficial translation

Decree of the Government of the Republic of Kazakhstan № 1214 dated November 12, 2013. Abolished by the Decree of the Government of the Republic of Kazakhstan dated 07/13/2023 No. 559

      Unofficial translation

      Footnote. Abolished by the Decree of the Government of the Republic of Kazakhstan dated 07/13/2023 No. 559 (effective from the date of its first official publication)

      In accordance with Subparagraph 3) of Article 26 of the Law of the Republic of Kazakhstan dated May 21, 2013 “On personal data and their protection”, the Government of the Republic of Kazakhstan hereby DECREES AS FOLLOWS:

      1. To approve the attached Rules for determining the list of personal data by owner and (or) operator necessary and sufficient for fulfillment of their tasks.

      2. This Decree shall come into force on November 25, 2013 and shall be subject to official publication.

      The Prime Minister
of the Republic of Kazakhstan
S. Akhmetov

  Approved by
the Decree of the Government
of the Republic of Kazakhstan
No.1214 dated November 12, 2013

Rules for determination of the list of personal data by the owner and (or) operator, necessary and sufficient for performance of tasks carried out by them

      Footnote. The Rules - as amended by the Decree of the Government of the Republic of Kazakhstan dated 18.01.2021 No. 12 (shall be enforced upon expiry of ten calendar days after the date of its first official publication).

Chapter 1. General Provisions

      1. These Rules for determination of the list of personal data by the owner and (or) operator, necessary and sufficient for performance of tasks carried out by them (hereinafter referred to as the Rules) have been developed in accordance with Subparagraph 3) of Article 26 of the Law of the Republic of Kazakhstan dated May 21, 2013 “On personal data and their protection” (hereinafter referred to as the Law) and shall determine the procedures for determination of the list of personal data by the owner and (or) operator, necessary and sufficient for performance of tasks carried out by them.

      2. The following basic concepts shall be used in these Rules:

      1) personal data - any information relating to an identified or identifiable on the basis of their personal data subject, recorded on electronic, paper and (or) other physical media;

      2) collection of personal data – actions, directed to reception of personal data;

      3) owner of the base containing personal data (hereinafter referred to as the owner) - the state authority, individual and (or) legal entity, exercising the right of possession, use and disposition of base, contained the personal data in accordance with the laws of the Republic of Kazakhstan;

      4) operator of base, containing personal data (hereinafter referred to as – operator), - the state body, individual and (or) legal entity, carrying out collection, processing and protection of personal data;

      5) authorized body in the field of personal data protection (hereinafter referred to as the authorized body)- a central executive body in charge for personal data protection;

      6) processing of personal data – actions, directed to accumulation, storage, change, supplement, use, distribution, depersonalization, blocking and destruction of personal data;

      7) personal data subject – individual, to whom personal data are referred.

Chapter 2. Procedure for determining the list of personal data by owner and (or) operator, necessary and sufficient for performance of tasks carried out by them

      3. The owner and (or) operator shall, prior to the beginning of collection and processing personal data, perform analysis of the tasks carrying out by them with respect to the use of personal data.

      When carrying out current activities, the owner and (or) operator annually re-analyze their tasks for the use of personal data, on the basis of which changes are made to the list of personal data necessary and sufficient to perform their tasks, in accordance with Paragraph 6 of these Rules.

      4. On the basis of the performed analysis, the owner and (or) operator, in the form according to Appendix to this Rules, shall determine the list of personal data, necessary and sufficient for the performance of tasks carrying out by them indicating the goals of their collection and processing within the framework of tasks.

      The goals are unambiguous, legal and correspond to the objectives of the owner and (or) operator..

      Personal data, the content and volume of which are redundant in relation to the tasks carried out by the owner and (or) operator, shall not be included in the list of personal data necessary and sufficient to perform the tasks carrying out by them.

      5. The list of personal data necessary and sufficient to perform the tasks carrying out by them shall be approved by the owner and (or) operator.

      Personal data protection shall be carried out in accordance with the Rules for implementation by owner and (or) operator, as well as a third party of measures to protect personal data, approved by the Government of the Republic of Kazakhstan.

      6. Based on the results of current activities, the owner (or) the operator annually makes changes and additions to the list of personal data necessary and sufficient for performance of tasks carrying out by them in accordance with the procedures prescribed by Paragraphs 3, 4 and 5 of these Rules.

      Amendments and additions made to the list of personal data, necessary and sufficient for performance of tasks carried out by them, shall be valid from the moment of their approval and do not apply to relations that arose before their entry into force.

      7. The owner and (or) operator shall ensure the access to the list of personal data necessary and sufficient for the performance of tasks carried out by them, by methods not prohibited by the legislation of the Republic of Kazakhstan.

  Appendix
Rules for determination of the list
of personal data by the owner and
(or) operator, necessary and
sufficient for performance of tasks
carried out by them

List of personal data necessary and sufficient for performance of tasks being carried out

Item no.

Name of the task, including functions, powers, duties

Goals of collection and processing within the framework of the task being carried out

Name of personal data for a specific goal

Reference to documents or regulatory legal acts that have direct indications of the tasks carried out by the owner and (or) operator








If you found any error on the page, please highlight a word or a phrase and then press «Ctrl+Enter» key combination

 

On-page search

Enter text to search

Hint: Browser has internal on-page search. It works faster and is usually activated by pressing ctrl-F.