On approval of the Rules for the implementation of a survey to ensure the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources

New Unofficial translation

Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated April 30, 2021 No. 156/НҚ. Registered with the Ministry of Justice of the Republic of Kazakhstan on May 4, 2021 No. 22689

      Unofficial translation

      In accordance with subparagraph 7-1) of paragraph 1 of article 27-1 of the Law of the Republic of Kazakhstan dated May 21, 2013 "On personal data and their protection" I HEREBY ORDER:

      1. To approve the attached Rules for the implementation of a survey to ensure the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources.

      2. The Information Security Committee of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan shall ensure:

      1) state registration of this order with the Ministry of Justice of the Republic of Kazakhstan;

      2) placement of this order on the Internet resource of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan;

      3) within ten working days after the state registration of this order, submission to the Legal Department of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan of information on the implementation of the measures provided for in subparagraphs 1) and 2) of this paragraph.

      3. To impose control over the execution of this order on the supervising vice minister of digital development, innovation and aerospace industry of the Republic of Kazakhstan.

      4. This order shall come into effect ten calendar days after the day of its first official publication.

      Minister of Digital Development,
Innovation and Aerospace Industry
of the Republic of Kazakhstan
B. Mussin

      "AGREED"
National Security
Committee of the Republic of Kazakhstan

      "AGREED"
Ministry of National Economy of the
Republic of Kazakhstan

  Approved
by order of the Minister
of Digital Development,
Innovation and Aerospace Industry
of the Republic of Kazakhstan
dated April 30, 2021 No. 156/НҚ

The Rules for the implementation of a survey to ensure the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources

Chapter 1. General Provisions

      1. These Rules for the implementation of a survey to ensure the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources (hereinafter referred to as the Rules) have been developed in accordance with subparagraph 7-1) of paragraph 1 of Article 27-1 of the Law of the Republic of Kazakhstan dated May 21 2013 “On personal data and their protection” (hereinafter referred to as the Law) and shall determine the procedure for conducting a survey to ensure the security of the processes of storage, processing and distribution of personal data of limited access contained in electronic information resources.

      2. The following basic concepts shall be used in these Rules:

      1) owner of the database containing personal data (hereinafter referred to as the Owner) - a state body, an individual and (or) legal entity, implementing in accordance with the laws of the Republic of Kazakhstan the right to own, use and dispose of the database containing personal data;

      2) operator of the base containing personal data (hereinafter referred to as the Operator), - the state body, individual and (or) legal entity that collects, processes and protection of personal data;

      3) protection of personal data - a set of measures, including legal, organizational and technical, carried out for the purposes established by the Law;

      4) processing of personal data - actions aimed at the accumulation, storage, modification, addition, use, distribution, depersonalization, blocking and destruction of personal data;

      5) distribution of personal data - actions resulting in the transfer of personal data, including through the media or providing access to personal data in any other way;

      6) personal data of limited access - personal data, access to which is limited by the legislation of the Republic of Kazakhstan;

      7) state technical service - a joint-stock company established by decision of the Government of the Republic of Kazakhstan;

      8) third party - a person who is not the subject, owner and (or) operator, but associated with them (him/her) by circumstances or legal relations for the collection, processing and protection of personal data.

      9) survey of ensuring the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources (hereinafter referred to as the Survey) - an assessment of the security measures and protective actions used in the processing, storage, distribution and protection of personal data of restricted access contained in electronic information resources.

      10) survey subjects - owners and (or) operators, as well as third parties processing personal data of limited access contained in electronic information resources.

Chapter 2. The procedure for the implementation of a survey to ensure the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources

      3. For the survey, the subjects of the survey shall provide access to the state technical service to informatization objects that use, store, process and distribute personal data of limited access contained in electronic information resources.

      4. During the survey, an analysis of the legal, organizational and technical measures established by the Rules for the implementation by the owner and (or) operator, as well as a third party of measures to protect personal data, approved by the Decree of the Government of the Republic of Kazakhstan dated September 3, 2013 No. 909, shall be carried out.

      5. Based on the results of the survey of the informatization object, the State Technical Service shall form a report on the survey, as well as recommendations for eliminating the identified inconsistencies (if any).

If you found any error on the page, please highlight a word or a phrase and then press «Ctrl+Enter» key combination

 

On-page search

Enter text to search

Hint: Browser has internal on-page search. It works faster and is usually activated by pressing ctrl-F.