Page 1

Bishkek city
dated April 14, 2008 No. 58
LAW OF THE KYRGYZ REPUBLIC
About personal information
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Chapter 1. General Provisions
Chapter 2. Conditions of legality of work with personal data
Chapter 3. Rights of the personal data subject
Chapter 4. Rights and obligations of the holder (possessor) and
a processor for working with arrays of personal data
Chapter 5. State regulation of work with personal
data
Chapter 6. Final Provisions
This Law is aimed at the legal regulation of work with the first
sleep data based on generally accepted international principles and
norms in accordance with the Constitution and laws of the Kyrgyz Republic in
in order to ensure the protection of human and civil rights and freedoms related
with the collection, processing and use of personal data.
Chapter 1
General Provisions
Article 1. Objectives of this Law
The objectives of this Law are:
- activation of targeted state policy in the field
work with personal data;
- protection of the rights and freedoms of the individual when using information from
sleepiness and protection of this information;
- determination of the conditions for working with personal information;
ra;
- determination of the order of formation of arrays of information of personal
public authorities, local authorities
management, as well as legal entities;
- determination of the rights and obligations of subjects of information of personal
character, holders (owners) and recipients of arrays such
information;
- the establishment of forms of state regulation and the order of work
you with personal information, as well as the terms of provision
its safety.
Article 2. Scope of this Law
1. This Law applies to relations
arising when working with information of a personal nature, regardless
from the means of processing this information, including the use of
information technologies.
2. This Law does not apply to storage,
processing and use of personal data in connection with personal, familymi or economic affairs of an individual, if at the same time not
the rights of subjects of personal data are violated.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 3. Terms and definitions
For the purposes of this Law, the following basic terms apply
and definitions:
Personal information (personal data) - fixed
concatenated information on a material medium about a specific person,
identified with a specific person or which can be identified
involved with a specific person, allowing you to identify this person
century, directly or indirectly, through reference to one or more facts
tori specific to its biological, economic, cultural,
civil or social identity.
Personal data includes biographical and identifying
data, personal characteristics, information about marital status, financial
in the general situation, state of health and so on.
List of personal data - a list of categories of data about one
subject.
An array of personal data - any structured collection
personal data of an indefinite number of subjects, regardless of the type
information carrier and the means of their processing used (archives,
theki, electronic databases, etc.).
Publicly available arrays of personal data - arrays of personal
data, access to which is not limited by law, and is intended
for general use (directories, phone books, address
books, etc.).
Personal data confidentiality regime - normatively established
specific rules governing access restrictions, transfers,
terms and conditions for storing personal data.
Subject of personal data (subject) - an individual to whom
This includes the relevant personal data.
The holder (owner) of the array of personal data is the state authorities
donation authorities, local governments and legal entities,
entrusted with the authority to determine the goals, categories of personal
data and control the collection, storage, processing and use of
sleep data in accordance with this Law.
The authorized state body for personal data (hereinafter
- authorized state body) - state body,
Authorized by the Government of the Kyrgyz Republic to carry out
functions and powers to ensure compliance with the processing of personal
data to the requirements of this Law, protection of the rights of subjects of
personal data (subjects), registration of holders (owners)
array of personal data, maintaining the Register of Array Holders
personal data, other tasks, functions and powers provided for
given by this Law.
Processor - a natural or legal person determined by the holding
the body (owner) of personal data, which processes
personal data on the basis of an agreement concluded with him.
The recipient of personal data is a public authority or
local government bodies, legal entities and individuals, as well as
the subject of personal data (subject) to whom the
personal data are collected in accordance with this Law.
Collection of personal data - the procedure for obtaining personal data
the holder (owner) of an array of personal data from the subjects of these
data or from other sources in accordance with the law
Kyrgyz Republic.
Personal data processing - any operation or set of operations,
performed regardless of methods by the holder (owner) of the personal
data either on his behalf, by automatic means or without
such, for the purpose of collecting, recording, storing, updating, grouping,
blocking, erasing and destroying personal data.
Consent of the subject of personal data - expressed in the form,
provided for by this Law, free, specific, unconditional
new and conscious expression of the will of the person,
according to which the subject notifies about his consent to carry out
the introduction of procedures related to the processing of his personal data.
Transfer of personal data - provision by the holder (possessing
tel) of personal data to third parties in accordance with this
con and international treaties.
Cross-border transfer of personal data - transfer by the holder
(owner) of personal data to holders under the jurisdiction
by other states.
Updating personal data - promptly making changes
in personal data in accordance with the procedures established
the current legislation of the Kyrgyz Republic.
Blocking of personal data - temporary interruption of the transfer,
clarification, use and destruction of personal data.
Destruction (erasure or destruction) of personal data - valid
the holder (possessor) of personal data to bring these data
in a state that makes it impossible to restore their content.
Anonymization of personal data - removal from personal data
that part of them that allows them to be identified with a specific person.
Personal data information system - aggregate
contained in the databases of personal data and providing them
processing of information technologies and technical means.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 4. Basic principles of working with personal data
1. Personal data must be received and processed in order
ke provided by this Law.
2. Personal data must be collected for accurate and pre-determined
shared, declared and legitimate purposes, not used in contradiction
for these purposes and not further processed in any way,
incompatible with these goals.
3. Initial data must be accurate and, if necessary,
bridges to be renewed.
4. Personal data should be stored no longer than this
there are purposes for which they were accumulated, and are subject to destruction by
achieving goals or avoiding the need for them.
5. For personal data stored for a longer period of time
historical or other purposes, the necessary guarantees must be established
and ensuring their protection.
6. It is not allowed to combine arrays of personal data, own
early holders (owners) for different purposes, for automated
noisy information processing.
7. Personal data must be stored and protected by the holders
(owners) of arrays of personal data from illegal access,
additions, changes and destruction.
8. The basic principles of working with personal data are not used.
scooping in nature and can be supplemented in accordance with the legislation
state of the Kyrgyz Republic.
Chapter 2
Conditions for the legality of working with personal data
Article 5. Legal grounds for carrying out work with personal
data
Work with personal data can be carried out by the holder
(owner) of an array of personal data only in the following cases:
- if the subject of personal data has given his consent to check it
denier;
- if it is necessary for implementation by the state
authorities, local authorities of their competence, established
noy legislation of the Kyrgyz Republic;
- if it is needed to achieve the legitimate interests of the holders (obholders);
- when the realization of these interests does not interfere with the implementation
rights and freedoms of personal data subjects in relation to processing
personal data;
- when it is necessary to protect the interests of the subject of personal
data;
- if the processing of personal data is carried out exclusively
for journalistic purposes or for artistic or literary purposes
creativity, provided that such actions are consistent with
the subject of personal data in compliance with the right to inviolability
privacy and freedom of speech.
Article 6. Legal regime of personal data
1. Personal data under the control of the holder (owner
for), refer to confidential information, except for cases defined
given by this Law.
2. The holder (possessor) of personal data and the processor are obliged
ensure the protection of personal data in order to avoid unauthorized
access, blocking, transmission, as well as their accidental or unauthorized
ordered destruction, alteration or loss.
3. The confidentiality of personal data is removed in case of
yah:
- depersonalization of personal data;
- at the request of the subject of personal data.
4. The legal regime of personal data obtained as a result of deactivity of law enforcement agencies, is established in accordance with
legislation of the Kyrgyz Republic.
5. At the request of the subject, for his personal data, it may be
The mode of publicly available information has been established (bibliographic reference books,
phone books, address books, personal ads, etc.). Exception
are cases when information should be of a public nature.
ter in accordance with the requirements of the legislation of the Kyrgyz Republic
Ki.
6.From the moment of death of the subject of personal data, the legal regime
personal data must be replaced with the archive storage mode or
other legal regime provided for by the legislation of the Kyrgyz Republic
the public.
7. Protection of the personal data of a deceased person can be carried out
other persons, including heirs, in the manner prescribed
legislation of the Kyrgyz Republic.
Article 7. Publicly available arrays of personal data
1. For the purpose of providing information to society,
publicly available arrays of personal data (directories, telephone books
gi, address books, etc.).
2. In the publicly available arrays of personal data with a written consent
lasia of the subject may include the following personal data: surname,
name, patronymic, year and place of birth, residence address, registration number
tact phone, information about the profession, other information provided
subject and / or obtained from open sources, other publicly available
arrays of personal data, if these sources are formed with the consent
this subject of personal data.
3. If the personal data is received by the holder (possessing
telem) of a publicly available array of personal data from open sources
kov or other publicly available arrays of personal data, the holder
(owner) of a public array at the request of the subject informs in
weekly period on the content of his personal data, on the sources of
radiation and purpose of use.
4. The personal data of a specific subject are immediately excluded
are held by the holder (owner) of personal data from the publicly available
an array of personal data, and in the case of a printed edition, when publishing
next circulation - on the basis of the order of this entity or decision
law enforcement agency.
5. Privacy mode for public arrays of personal
data is not installed.
Article 8. Special categories of personal data
1. Collection, accumulation, storage and use of personal data,
disclosing racial or ethnic origin, national origin
identity, political views, religious or philosophical beliefs,
as well as concerning the state of health and sexual inclinations, claims
especially in order to identify these factors are not allowed.
2. Part 1 of this article shall not apply in the following cases:
a) if the subject of personal data has given his consent to the message
and the processing of such data;
b) if the processing is necessary to protect health and safety
the data subject, another person or the relevant group of persons and obtaining
the consent of the subject of personal data is impossible.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Chapter 3
Rights of the subject of personal data
Article 9. Consent of the subject of personal data to provide
and processing of his personal data
1. The subject of personal data independently decides on the predelivering any of your personal data to anyone, and consents
to process them freely, consciously and in a form that allows you to confirm
the fact of its receipt, with the exception of cases provided for in article
15 of this Law. Personal data is provided by the subject
in person or through an authorized representative.
The consent of the subject must be expressed in writing at
hard copy or in the form of an electronic document signed in
in accordance with the legislation of the Kyrgyz Republic electronic
signature.
2. In order to exercise his rights and freedoms, the subject provides
data, as well as information about their changes to the relevant authorities
state authorities, local government bodies entitled to
work with personal data within their competence.
3. Before providing his personal data, the subject must
be familiarized by the holder (possessor) of the array of personal data with
the list of collected data, grounds and purposes of their collection and use
with the possible transfer of personal data to a third party, and
informed about other possible use of personal data.
4. The subject of personal data in case of refusal to provide his
data has the right not to indicate the reasons for his refusal.
5. Obligation to provide proof of consent
the subject of personal data for the collection and processing of his personal
data or proof of the existence of the grounds specified in subparagraph "b"
part 2 of Article 8 , paragraphs 1 and 2 of part 1 of Article 15 of this Law,
is assigned to the holder (possessor) of the array of personal data.
6. The procedure for obtaining the consent of the subject of personal data to collect
and the processing of his personal data, including in the form of electronic
document, including the purpose of providing state and municipal
services established by the Government of the Kyrgyz Republic.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 10. Access of the subject to his personal data
1. The subject of personal data has the right to know about the availability of
the resident (owner) of the personal data relating to him and have to
access to them. The right to access can be limited only in cases where
provided for in Article 15 of this Law.
one
one
... Including the subject of personal data has the right to

receiving from the holder (possessor) of an array of personal data
information regarding the processing of his personal data, containing:
a) confirmation of the fact of personal data processing by the holder
(owner) of an array of personal data;
b) legal grounds and purposes of personal data processing;
c) purposes and applied by the holder (owner) of the array
personal data methods of processing personal data;
d) name and location of the holder (owner) of the array
personal data, information about persons (with the exception of employees
holder (owner) who have access to personal data or
to whom personal data may be transferred on the basis of an agreement with
the holder (possessor) of an array of personal data or on the basis of
law;
e) processed personal data related to the relevant
to the subject of personal data, the source of their receipt;
f) the terms of processing personal data, including the terms of their
storage;
g) the procedure for the exercise by the subject of personal data of his rights,
provided for by this Law;
h) information on implemented or proposed transboundary
no data transfer;
i) other information provided for by this Law and (or) other
regulatory legal acts.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
2. Informing citizens about the availability of personal data at the holder
lei (owners) of data arrays is carried out on the basis of publicly available
the new Register of holders (possessors) of arrays of personal data,
published in the media in accordance with Article
30 of this Law.
3. Provision of personal information to their subject
at the initiative of the subject is made on the basis of a written request
subject and document proving his identity, free of charge. Pay
will be charged only if such information is provided on
material carriers (paper, floppy disk, etc.) in a size not exceeding
their cost. Information about the availability of personal data and the first
sleep data is provided to the data subject within a period not exceeding
7 days from the date of application.
4. Information on the availability and content of the personal data of the subject
must be issued to him by the holder (owner) of an array of personal
data in a publicly accessible form, clearly and clearly expressed, and should not be cokeep personal data relating to other subjects.
5. The subject of personal data has the right to get acquainted with the documents
tami containing information of a personal nature about him.
Article 11. Introduction of changes by the subject into his personal data
If there are grounds, confirmed by relevant documentsmi, the subject of personal data has the right to demand from the holder (possessing
body) of this data, making changes to your personal data. Change
changes in personal data are entered in the manner prescribed by article
28 of this Law.
Article 12. Blocking and unblocking of personal data
If the subject of personal data reveals their unreliable
the legality or disputes the legality of actions in relation to his personal
data, he has the right to demand from the holder (possessor) blocking
to upload this data. Blocking and unblocking of personal data
carried out in accordance with Article 19 of this Law.
Article 13. Appealing against illegal actions in relation to
personal data
If the subject of personal data believes that in relation to his
sleep data, illegal actions have been committed, he has the right to appeal
these actions are in court.
Article 14. Compensation for damages and (or) compensation for moral damage
The subject of personal data has the right to compensation for the caused
damage and compensation for moral damage in court.
Article 15. Restriction of the rights of the subject
1. Limitation of the rights of the subject to provide and receive his
personal data is possible in relation to:
1) the right to provide the subject with his personal data by holding
to the owners (owners) of arrays of personal data - for subjects of personal
nal data admitted to the information constituting the state
secret, - in accordance with the Law of the Kyrgyz Republic "On the protection of state
gift secrets of the Kyrgyz Republic ";
2) the rights of access of the subject to his personal data, making
changes to your personal data, blocking your personal
data:
a) for personal data obtained as a result of promptly-rosearch activity, except when this activity
carried out in violation of the legislation of the Kyrgyz Republic;
b) for the personal data of subjects detained on suspicion of
committing a crime or who are charged with a criminal
in the case, or to which a preventive measure has been applied before the presentation of an accusation
neniya in the bodies carrying out these actions.
2. Restriction of the subject's access rights to his personal data,
not provided for in part 1 of this article is not allowed.
Chapter 4
The rights and obligations of the holder (owner)
and a handler for working with arrays
personal data
Article 16. Holders (possessors) of arrays of personal data
1. State authorities, local self-government bodies,
carrying out work with arrays of personal data in accordance with
this Law and other regulatory legal acts of the Kyrgyz
Republics have the right to act as holders (possessors)
personal data.
2. Legal entities have the right to work with personal data
after registration with an authorized state body as
the holder (possessor) of the array of personal data in accordance with
Article 30 of this Law.
3. (Abolished in accordance with the Law of the Kyrgyz Republic of July 20, 2017
No. 129)
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 17. Obligations of the holder (possessor) of the array of personal
data
1. The holder (possessor) of the array of personal data is obliged:
a) receive personal data directly from the subject of the personpersonal data, his proxies;
b) ensure the confidentiality of personal data in
cases stipulated by the legislation of the Kyrgyz Republic and usthe present Law;
c) determine the processor for the processing of personal data,
delivering guarantees regarding technical safety measures and the organization
nizational measures regulating the processing of personal data, with the exception of
in cases where the holder (possessor) independently imposes
to assume the functions and duties of the processor;
d) ensure the safety and reliability of personal data, and
also the mode of access to them established in the normative order;
e) provide personal data within a week after the
blunting a request from the subject;
g) in case of refusal to provide the subject at his request with information
information about the availability of personal data about him, as well as the personal
data, issue a written reasoned response containing a link
to the relevant paragraph of Article 15 of this Law, within a period not exceeding
one week from the date of the subject's request;
h) submit, at the request of the authorized state body,
on or the Ombudsman (Akyikatchy) of the Kyrgyz Republic within a week
information necessary for the exercise of their powers.
2. Persons to whom personal data became known by virtue of their
legal situation, assume obligations and bear responsibility
to ensure the confidentiality of these personal data. Such
obligations remain in effect even after the end of the work of these persons with the
sleep data for the duration of the confidentiality mode
according to Article 6 of this Law.
Article 18. Obligations of holders (owners) of personal
data on the compilation of lists of personal data
1. Holders (owners) who work with personal
data, within the competence, are developed in accordance with the specific
lists of personal data and are guided by the characteristics of their activities
by them.
2. These lists are agreed with the authorized
state body, are registered with this body and published in
Register of holders (possessors) of arrays of personal data, annually
issued by this authorized government agency. These lists
establish the amount of information used by state authorities
authorities, local governments for the implementation of their powers.
3. The procedure for registering lists of personal data is determined
By the Government of the Kyrgyz Republic.
4. Holders (possessors) of arrays of personal data, carry out
affecting the work with personal data according to the decision of the Government of Kyrof the Kyrgyz Republic, develop in accordance with the specifics of their
activity lists of personal data and agree with them
authorized state body.
5. Lists of personal data must be consistent with the purpose of collection
this data. Expansion of the established lists to achieve the goals
any other nature is not allowed.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 19. Obligations of the holder (possessor) of the array of personal
data on blocking, unblocking and
destruction of personal data
1. If the subject of personal data reveals unreliable
these personal data or illegal actions with them by the holder
(owner) of the array of personal data, the subject can submit an application
the holder (possessor) of the array of these data or an authorized body.
The holder (possessor) is obliged to accept the subject's statement for production
and block his personal data from the moment it is received on the
The period of verification of the application.
2. In case of confirmation of the inaccuracy of personal data,
the resident (owner) of the data array is obliged, on the basis of documents,
submitted by the subject, correct them and remove the blocking.
3. In case of establishing the unlawfulness of the collection of personal data
the holder (possessor) is obliged to destroy the relevant data irrespective of
promptly from the moment of such establishment and document the
the subject of personal data.
4. In case of mutual recognition of the legality of actions with the personnal data or their reliability, the holder (owner) of the array
personal data is obliged to immediately remove their blocking.
5. In case of disagreement of the holder (possessor) of the array of personal
data with a statement of the subject of personal data consideration of the conflict
situations are carried out in an administrative or judicial order.
Article 20. Obligations of the processor of personal data
1. The processor processes personal data on the basis of
the execution of an agreement concluded with the holder (possessor) of personal
data.
2. The processor must collect, record, store, update
tion, blocking, destruction of personal data, regardless of the way
soba and processing means, on behalf of the holder (possessor) of the personnal data.
Article 21. Organizational and technical measures for the protection of personal
data
1. Holder (possessor) of the array of personal data and processor
are obliged to take the necessary legal, organizational and technical
measures and (or) ensure their adoption to protect personal data from
unauthorized or accidental access to them, modification, blocking,
copying, providing, distributing personal data, and
also from other illegal actions in relation to personal data.
2. When processing personal data, the holder (owner) of the massyour personal data and the processor are obliged to:
- exclude access of unauthorized persons to the equipment used
for the processing of personal data (access control);
- prevent unauthorized reading, copying, modification or
removal of data carriers (control over the use of data carriers);
- prevent unauthorized recording of personal data and change
the destruction or destruction of the recorded personal data (control over
writing) and provide the possibility of establishing retroactively when, by whom
and what personal data has been changed;
- ensure the security of data processing systems intended
for the transfer of personal data, regardless of the means of data transmission
(control over the means of data transmission);

- ensure that every user of the data processing system
had access only to those personal data for the processing of which he
has an admission (admission control);
- ensure that it is possible to establish retroactively when, by whom and
what personal data were entered into the data processing system (contact
role by input);
- prevent unauthorized reading, copying, modification
and destruction of personal data during the transfer and transportation of personal
nal data (transport control);
- to ensure the confidentiality of information received during the processing
processing of personal data.
- ensure the implementation of the established by the Government of the Kyrgyz
Republic of requirements for the protection of personal data when processing them in
personal data information systems, the execution of which
ensures the established levels of protection of personal data;
- keep records of machine carriers of personal data;
- ensure the recovery of personal data modified
or destroyed due to unauthorized access to them.
3. The Government of the Kyrgyz Republic sets the levels
the security of personal data during their processing in information
systems, requirements for ensuring the safety and protection of personal
data during their processing in personal data information systems,
the execution of which ensures the established levels of security
personal data.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 22. Obligations of public authorities and bodies
local government in mutual exchange
personal data
1. State authorities and local self-government bodies
in their activities, they can use personal data found
other holders (possessors) of personal data, in the presence of
this legal basis for the implementation of work with personal data and
only within the limits of their authority and competence established
legislation of the Kyrgyz Republic, has the right to create information
personal data systems that meet the requirements of the established
this Law.
2. Formation of consolidated information systems and arrays
personal data obtained by public authorities or
local government bodies from various state
lei (owners) of personal data is not allowed.
3. Control over the use of personal data received by the
Ghans of state power, local state administrations
mi and local governments from other state powers
owners (owners) of personal data, carried out by an authorized
government agency, higher authorities, law enforcement
authorities, as well as the Ombudsman (Akyi-katchy) of the Kyrgyz Republic in
in accordance with this Law.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 23. Organization of state reference service
personal data
(Abolished in accordance with the Law of the Kyrgyz Republic of July 20, 2017 No. 129)
Article 24. Transfer of personal data
1. The holder (possessor) of the array of personal data has the right to transfer
give this data to another holder (possessor) without the consent of the subject
personal data in cases:
- of extreme necessity to protect the interests of the subject of personal
data;
- at the request of state authorities, local authorities
of the administration, if the requested list of personal data is
confers the powers of the requesting authority;
- on the basis of the legislation of the Kyrgyz Republic.
2. The holder (possessor) of the array of personal data is obliged to
form the subject of personal data on the transfer of it
personal data to a third party in any form within a week.
The procedure and form of notifying the subject of personal data about the fact
the transfer of his personal data to a third party is established
By the Government of the Kyrgyz Republic.
3. When transferring personal data, the recipient of the data imposes
There is a duty to respect the confidentiality of this data.
4. Personal data collected at the expense of the state
budget, are transferred to public authorities and budget organizations
the domain, as well as personal data to the subject himself - free of charge.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 25. Cross-border transfer of personal data
1. In case of cross-border transfer of personal data, the holder (obholder) of an array of personal data under the jurisdiction of Kyrof the Kyrgyz Republic, transmitting data, proceeds from the presence of an international
th contract between the parties, according to which the receiving party provides
ensures an adequate level of protection of the rights and freedoms of subjects of personal
data and protection of personal data established in the Kyrgyz Republic
face.
2. The Kyrgyz Republic provides legal protection measures when
persons transferred on its territory or transferred through its territory
data, excluding their distortion and unauthorized use
nie.
3. Transfer of personal data to countries that do not provide adequate
wadded level of protection of the rights and freedoms of personal data subjects, momay take place provided:
- the consent of the personal data subject to this transfer;
- if the transfer is necessary to protect the interests of the subject
personal data;
- if personal data is contained in a publicly available array of
sleep data.
4. When transferring personal data via global information
network (Internet, etc.) holder (owner) of an array of personal data
the person transmitting such data is obliged to ensure the transfer of the necessary
means of protection, while respecting the confidentiality of information.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 26. Anonymization of personal data
For statistical, sociological, historical, memedical and other scientific and practical research holder (subject to
giver) of the array of personal data carries out depersonalization of the use
data, giving them the form of anonymous information. In this case, the mode
the confidentiality set for personal data is removed.
Anonymization should exclude the possibility of identifying the subject of the
sleep data.
Article 27. Storage of personal data
1. Personal data should not be stored longer than necessary.
dimo to fulfill the purpose of their collection. Storage periods can be extended
only in the interests of the subject of personal data or if it is provided
reno by the legislation of the Kyrgyz Republic. After the expiration of the storage period
and achieving the goals of collecting personal data, they are subject to destruction
for two weeks. The destruction is confirmed by an act.
Depending on the significance of the personal data of certain
subjects for historical, sociological, medical and other
scientific purposes, instead of destroying personal data, it is allowed
depersonalization of such data by the holder (owner) of the array in order,
established by the Government of the Kyrgyz Republic.
2. In the event that a decision is made in accordance with the established procedure on the
the possibility of saving personal data after the expiration of the storage period,
achievement of the set goals of their collection, the holder (owner) of the array
personal data is obliged to ensure the appropriate storage mode
personal data and notify the data subject about it.
3. Certain personal data (personal files, metric books
gi, etc.) after passing the practical need, they may remainin permanent storage, acquiring the status of an archival document, or
other status provided by the legislation of the Kyrgyz Republic.
Article 28. Updating personal data
1. The holder (owner) of the array of personal data makes changes
changes in the personal data available to him, subject to documentary
to confirm the veracity of the new data:
- in cases stipulated by the legislation of the Kyrgyz Republic
faces;
- (the paragraph became invalid in accordance with the Law of the Kyrgyz Republic of July 20, 2017
year No. 129)
- at the initiative of the subject of personal data, personal data
which are subject to change in accordance with Article 11 of this Law
horse.
2. Changes to personal data at the request of the subject
this data is made no later than a week from the date of submission
them statements. Changes initiated by the holder (owner)
carried out in accordance with internal rules.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
CHAPTER 5
State regulation of work
with personal data
Article 29. Forms of state regulation of work
with personal data
The state regulates work with personal data
nym in the following forms:
- The Government of the Kyrgyz Republic determines the authorized
state body of the Kyrgyz Republic;
- keeps records and registration of arrays of personal data and their
residents (owners);
- concludes international treaties on cross-border transfer of
sleep data, with the exception of cases contrary to the legislation
state of the Kyrgyz Republic for the protection of state secrets.
Article 29.

one

... Authorized state body

1. The authorized state body is responsible for ensuring
control over the compliance of the processing of personal data with the requirements
of this Law, protection of the rights of subjects of personal data.
2. The authorized state body carries out cooperation
communication with bodies authorized in the field of personal data protection in
foreign states, in particular the international exchange of information on
protection of the rights of subjects of personal data.
3. Decisions of the authorized state body for the protection of rights
subjects of personal data can be appealed in the manner
stipulated by the Law of the Kyrgyz Republic "On the basics of administration
tive activities and administrative procedures ".
4. The regulation on the authorized state body is approved
By the Government of the Kyrgyz Republic.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 30. Registration of arrays and holders (owners)
personal data
1. Arrays of personal data and holders (owners) of these massivov are subject to mandatory registration with the authorized state
organ. When registering, the following are recorded:
- name of the array of personal data;
- name and details of the holder (owner) of the array of persons;
personal data, working with an array of personal data
(address, form of ownership, subordination, telephone, surname, name, fromleader's honor, e-mail, fax);
- the purposes and methods of collecting and using personal data;
- modes and terms of their storage;
- a list of collected personal data;
- categories or groups of subjects of personal data;
- sources of collection of personal data;
- the procedure for informing subjects about the collection and possible transfer of them
personal data;
- measures to ensure the safety and confidentiality of personal
data;
- the person directly responsible for working with personal
data.
- recipients or categories of recipients to whom the
data;
- prospective cross-border transfer of personal data.
2. Arrays of personal data containing information related to
state secrets on the basis of the Law of the Kyrgyz Republic "On the
shield of state secrets of the Kyrgyz Republic ", do not register
Xia.
3. The authorized state body keeps records of massifs
personal data and holders (owners) working with
personal data.
4. The specified body annually publishes in the media
mation Register of holders of personal data for general information.
(As amended by the Law of the Kyrgyz Republic of July 20, 2017 No. 129 )
Article 31. Responsibility for violation of this Law
Violation of this Law entails liability in accordance with
with the legislation of the Kyrgyz Republic.
Chapter 6
Final provisions
Article 32. On the entry into force of this Law
This Law shall enter into force on the day of its official publication.
Published in the newspaper "Erkintoo" dated April 18, 2008 N 28
President of the Kyrgyz Republic

K. Bakiev

Adopted by the Jogorku Kenesh
The Kyrgyz Republic

February 21, 2008

