SERVICES

• Advising on the issues of the laws of Kazakhstan and the AIFC in the personal data protection sphere.
• Legal audit of the personal data processing and protection system: verification of documents regulating the procedure for collection, storage (including database localization), transfer and other types of personal data processing and measures to ensure personal data security at a company as to compliance with the current legislation, elaboration of recommendations on how to bring the processes into compliance with requirements.
• Analysis of the models of doing business in Kazakhstan as part of proper compliance with the local data protection legislation most convenient for the client, including in the course of international circulation of various goods, digital healthcare, development and support of software for the protection of accounts, prevention of fraud and abuse, payment optimization, chargeback management, and concerning other practice areas involving collection and processing of personal data (including medical personal data).
• Drafting of consents to personal data processing, cross-border transfer, and distribution of information among healthcare professionals.
• Drafting of a mandatory set of documents on the personal data of employees and other persons, including:
• model form of consent to personal data processing;
  • personal data regulations;
  • special provisions to employment and other contracts;
  • order on appointment of a person responsible for drafting the below list;
  • list of personal data required and sufficient for attaining the pursued objectives;
  • list of the persons who collect and process personal data and have access thereto, and who are responsible for implementing the measures to ensure personal data safety;
  • order on approval of the final set of documents; and
  • other documents.
• Client representation in the course of inspections conducted by authorized agencies of public authorities in the sphere of personal data protection and security.
• Advising on the issues of cross-border transfer of personal data, drafting of agreements on processing and cross-border transfer of personal data, confidentiality agreements and non-disclosure agreements.
• Advising on establishing the information protection system and application of legal, organizational, and technical information protection means.
• Advising and conducting trainings as to compliance with the European legislation on personal data protection (GDPR).
• Advising on the issues of licensing, certification and use of information protection means, including encryption.
• Legal assistance in case of detecting violations of the personal data legislation and computer incidents.
• Advising on the issues of data processing and protection of information in the context of electronic commerce, drafting of the sets of documents mandatory for publishing on the web resources of electronic trade (terms of use, notice of confidentiality, and wordings of consents to personal data processing).

BROCHURES

LEGAL UPDATES AND PUBLICATIONS

Khamidullina Y.  Kazakhstan: Legal regulation of personal data protection in the AIFC // OneTrust DataGuidance – March 2024

Khamidullina Y.  Data privacy in Kazakhstan’s Astana International Financial Centre // Ius Laboris – 2024.01.12

Information letter concerning latest amendments on information security, personal data and digital assets (9 January 2024)

Information letter concerning latest legislation amendments on personal data protection (1 August 2022)

Information letter concerning latest legislation amendments on personal data protection (1 February 2022)

Information letter concerning the personal data protection (3 November 2020)

Information Letter concerning the changes in regulation of digital technologies and personal data protection (7 July 2020)

Amendments to the legislation of the Republic of Kazakhstan on personal data and their protection (20 December 2013)