Information on the activities of the State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic
The State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic was established in accordance with the Decree of the President of the Kyrgyz Republic "On the Cabinet of Ministers of the Kyrgyz Republic" of September 14, 2021. The Agency's regulations were adopted by the Resolution of the Cabinet of Ministers of the Kyrgyz Republic "On the State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic" dated December 22, 2021, No. 325. The Agency was registered with the judicial authorities on January 10, 2022.
According to the Regulation on the State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic, approved by the Resolution of the Cabinet of Ministers of the Kyrgyz Republic dated December 22, 2021, No. 325, the Agency is an authorized state body for personal data and it is responsible for the protection of personal data during processing in information systems.
In accordance with Article 29-1 of the Law of the Kyrgyz Republic "On Personal Data," the Agency ensures compliance with the requirements of the aforementioned law regarding the processing of personal data and the protection of the rights of personal data subjects.
TheAgency is the executive body responsible for Indicator 3.1 "Enhancing the level of personal data protection of citizens by the Cabinet of Ministers of the Kyrgyz Republic" under the Financial Agreement between the Kyrgyz Republic and the European Union within the framework of the "Contract for Digitization Sector Reform" program (ACA/2020/042-335).
Since 2022, the Agency has accomplished the following work:
The Agency has been involved in the development of 13 normative legal acts (NLA) and 4 local acts related to the protection of personal data:
11 NLAs and 4 local acts have been approved,
2 NLAs are currently undergoing the approval process in coordination with ministries and authorities.
The Agency has provided opinions and responses to 2044 requests received from government agencies, legal entities, and individuals within its jurisdiction.
The Agency has developed and implemented an information system called the "Registry of Holders (Owners) of Personal Data Arrays." Since July 2022, 419 organizations have completed the primary registration process in this system.
Development of a trilingual website: The Agency has developed a trilingual website available in Kyrgyz, Russian, and English languages. The website can be accessed at https://dpa.gov.kg. The Agency has developed a Telegram bot to provide immediate information and answers to frequently asked questions for citizens. The bot can be accessed at https://t.me/agentstvoPDbot. The Agency has developed an online platform accessible through the Agency's website at https://dpa.gov.kg. This platform assists businesses in developing privacy policies tailored to their specific needs. The platform includes a privacy policy generator, available at https://privacy.dpa.gov.kg/.
The Agency has conducted 60 meetings with government agencies, international organizations, and development partners.
The Agency has reviewed 92 complaints from individuals regarding violations of their rights as personal data subjects.
The Agency has taken measures to address 11 cybersecurity incidents related to violations of legislation concerning personal data.
From June 2022 to June 2023, the Agency conducted 26 training sessions in both offline and online formats for government agencies, local self-government bodies, legal entities, non-governmental organizations, and students. These training sessions aimed to educate participants on personal data protection and related topics. In total, 1,010 individuals received training through these sessions.
The Agency has signed four cooperation agreements during the specified period:
Cooperation agreement with the Central Election Commission and Referendum Administration of the Kyrgyz Republic;
Cooperation agreement with the Business Ombudsman Institute;
Cooperation agreement with the Republic of Belarus: This agreement covers matters of mutual interest and facilitates an effective approach to personal data protection issues, as well as the exchange of experiences between the Agency and relevant authorities in Belarus.
Memorandum of Understanding with the Hungarian National Authority for Data Protection and Freedom of Information.
10. All 12 activities outlined in the approved Plan, as part of the implementation of the Financial Agreement between the Kyrgyz Republic and the European Union under the Policy Reform Matrix of the European Union's "Contract for the Digitalization Sector Reform" program (ACA/2020/042-335), have been fully completed. As a result, the Kyrgyz Republic has received budgetary support of 500,000 euros per year in 2021, 2022, and is expected to receive it in 2023 from the European Union, totaling 1.5 million euros.