Data Protection and Cybersecurity

Over the past 10 years, since Kazakhstan adopted legislation on personal data protection, AEQUITAS has accumulated extensive practice in this sphere.

The firm’s lawyers possess professional knowledge and solid experience in advising clients from different sectors of the economy, such as healthcare, media and telecommunications, electronic commerce, banking, information technologies, industry, transport, logistics, etc.

AEQUITAS lawyers advised General Electric, ExxonMobil, Chevron, Schlumberger, Caterpillar, Hewlett-Packard, Visa, ACCA, Johnson & Johnson, Polpharma, Sanofi Aventis, AstraZeneca, Boehringer Ingelheim, Ipsen, Vorwerk International, ERM Eurasia, Eurasian Group, Mundipharma, Valeant, and many other companies on different issues of compliance with requirements of the personal data protection legislation, cross-border transfer, database localization issues, drafted individual sets of documents in the personal data protection sphere, and adapted relevant documents to the business processes of specific companies.

Yekaterina Khamidullina, AEQUITAS Partner and Director of AEQUITAS AIFC Branch, studied at King’s College London, where she acquired knowledge of the regulation of personal data protection, information confidentiality, GDPR, blockchain, and financial technologies. She also wrote a dissertation on a comparative analysis of the regulation of personal data protection in Kazakhstan, the Astana International Financial Centre (AIFC) and the EU (GDPR).

According to the Legal 500, Senior Associate Alexandr Chumachenko is one of the recommended and key lawyers in Kazakhstan in the sphere of corporate, commercial law and M&A. He is highly experienced in advising clients on complicated issues of personal data protection and drafting of required documents. Alexandr wrote many publications relating to disputable issues and amendments to the personal data protection legislation.

SERVICES

  • Advising on the issues of the laws of Kazakhstan and the AIFC in the personal data protection sphere.

  • Legal audit of the personal data processing and protection system: verification of documents regulating the procedure for collection, storage (including database localization), transfer and other types of personal data processing and measures to ensure personal data security at a company as to compliance with the current legislation, elaboration of recommendations on how to bring the processes into compliance with requirements.

  • Analysis of the models of doing business in Kazakhstan that are most convenient for the client while ensuring proper compliance with the local data protection legislation, including in the course of international circulation of various goods, digital healthcare, development and support of software for the protection of accounts, prevention of fraud and abuse, payment optimization, chargeback management, and other practice areas involving collection and processing of personal data (including medical personal data).

  • Drafting of consents to personal data processing, cross-border transfer, and distribution of information among healthcare professionals.

  • Drafting of a mandatory set of documents on the personal data of employees and other persons, including:

      • model form of consent to personal data processing;

      • personal data regulations;

      • special provisions to employment and other contracts;

      • order on appointment of a person responsible for drafting the list below;

      • list of personal data required and sufficient for attaining the pursued objectives;

      • list of the persons who collect and process personal data and have access thereto, and who are responsible for implementing the measures to ensure personal data safety;

      • order on approval of the final set of documents; and

      • other documents.

  • Client representation in the course of inspections conducted by authorized agencies of public authorities in the sphere of personal data protection and security.

  • Advising on the issues of cross-border transfer of personal data, drafting of agreements on processing and cross-border transfer of personal data, confidentiality agreements and non-disclosure agreements.

  • Advising on establishing the information protection system and application of legal, organizational, and technical information protection means.

  • Advising and conducting training on compliance with the European legislation on personal data protection (GDPR).

  • Advising on the issues of licensing, certification and use of information protection means, including encryption.

  • Legal assistance in case of detecting violations of the personal data legislation and computer incidents.

  • Advising on the issues of data processing and protection of information in the context of electronic commerce, drafting of the sets of documents mandatory for publishing on the web resources of electronic trade (terms of use, notice of confidentiality, and wordings of consents to personal data processing).
