Kyrgyzstan Introduces New Data Protection Rules for Government and Companies

Kyrgyzstan is set to enforce stricter data protection measures for all entities that process citizens' personal information. The new regulations, approved by Cabinet of Ministers Chairman Adylbek Kasymaliyev, update security requirements for digital systems and personal data handling, superseding rules from 2017.

The updated rules will establish new security benchmarks for information systems based on the level of personal data protection required. Government bodies and organizations must bring their systems into compliance. The measures also aim to strengthen oversight of how citizens' personal information is processed and stored digitally, incorporating modern data protection mechanisms aligned with the Digital Code.

The State Agency for Personal Data Protection will spearhead the implementation of these new rules. The agency has been given a six-month deadline to enact the necessary measures. Authorities anticipate that these updated regulations will significantly bolster the security of citizens' personal data, mitigate the risk of information leaks, and bring the country's data protection system in line with contemporary digital standards. The decree takes effect ten days after its publication.