Article 1. The basic concepts used in this Law are the Law on Personal Data and Their Protection

     The following basic concepts are used in this Law:

     1) biometric data – personal data that characterizes the physiological and biological characteristics of the subject of personal data, on the basis of which it is possible to establish his identity;

     2) personal data – data, including biometric data, related to a specific or identifiable personal data subject, recorded on electronic, paper and (or) other tangible media;

     2-1) the state service for access control to personal data (hereinafter referred to as the state service) is a service that provides information interaction between owners and (or) operators, third parties with the personal data subject and the authorized body when accessing personal data contained in the objects of informatization of state bodies and (or) state legal entities, including obtaining information from personal data subject's consent to the collection, processing of personal data or their transfer to third parties;

     2-2) a non–governmental personal data access control service (hereinafter referred to as a non–governmental service) is a service that provides information interaction between owners and (or) operators, third parties, and a personal data subject when accessing personal data contained in non-governmental informatization facilities, including obtaining consent from the personal data subject to collect, process personal data, or their transfer to third parties;

  2-3) automated processing of personal data is the processing of personal data by an object of informatization, excluding the participation of the owner and (or) operator, as well as a third party in the processing process.;

     3) blocking of personal data – actions to temporarily stop the collection, accumulation, modification, addition, use, dissemination, depersonalization and destruction of personal data;

     4) accumulation of personal data – actions to systematize personal data by entering them into a database containing personal data;

     5) collection of personal data – actions aimed at obtaining personal data;

     6) destruction of personal data – actions, as a result of which it is impossible to restore personal data;

     7) depersonalization of personal data – actions, as a result of which it is impossible to determine the identity of personal data to the subject of personal data;

     8) the database containing personal data (hereinafter referred to as the database) is a set of ordered personal data;

      9) the owner of the database containing personal data (hereinafter referred to as the owner) is a government agency, an individual and (or) a legal entity exercising, in accordance with the laws of the Republic of Kazakhstan, the right to own, use and dispose of the database containing personal data;  

     10) the operator of a database containing personal data (hereinafter referred to as the operator) is a government agency, an individual and (or) a legal entity that collects, processes and protects personal data;

     11) personal data protection – a set of measures, including legal, organizational and technical, carried out for the purposes established by this Law;

     11-1) the authorized body in the field of personal data protection (hereinafter referred to as the authorized body) is the central executive body responsible for managing personal data protection.;

     11-2) Excluded by the Law of the Republic of Kazakhstan dated 12/30/2021 No. 96-VII (effective sixty calendar days after the date of its first official publication).  

     12) personal data processing – actions aimed at accumulation, storage, modification, addition, use, dissemination, depersonalization, blocking and destruction of personal data;

     13) use of personal data – actions with personal data aimed at achieving the goals of the owner, operator and a third party;

     14) personal data storage – actions to ensure the integrity, confidentiality and accessibility of personal data;

     15) dissemination of personal data – actions that result in the transfer of personal data, including through mass media, or the provision of access to personal data in any other way;

     15-1) violation of personal data security – violation of personal data protection, resulting in illegal dissemination, modification and destruction, unauthorized dissemination of transmitted, stored or otherwise processed personal data or unauthorized access to them;

     16) the subject of personal data (hereinafter referred to as the subject) is an individual to whom personal data relate;

     17) a third party is a person who is not a subject, owner and (or) operator, but is related to them (him) by circumstances or legal relations related to the collection, processing and protection of personal data.

The Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V.

     This Law regulates public relations in the field of personal data, as well as defines the purpose, principles and legal basis of activities related to the collection, processing and protection of personal data.

President    

Republic of Kazakhstan     

© 2012. RSE na PHB "Institute of Legislation and Legal Information of the Republic of Kazakhstan" of the Ministry of Justice of the Republic of Kazakhstan  

 Constitution Law Code Standard Decree Order Decision Resolution Lawyer Almaty Lawyer Legal service Legal advice Civil Criminal Administrative cases Disputes Defense Arbitration Law Company Kazakhstan Law Firm Court Cases