top of page

BELARUS - Data Protection and GDPR Review



Early Developments

The history of data protection in Belarus can be traced back to the late 1980s and early 1990s when the country started to adopt modern information technologies. As the Internet and digitalization became more prevalent, there was a growing need to address the protection of personal data.

The Law "On Information, Informatization, and Information Protection"

In 2003, Belarus adopted a pivotal piece of legislation, the Law "On Information, Informatization, and Information Protection." This law was an early attempt to regulate information management, including the collection, processing, storage, and dissemination of information. It covered various types of information, including personal data, and laid down principles for information protection.

The Law "On Personal Data"

The Law "On Personal Data" was enacted in 2008 and came into effect on January 1, 2010. This law marked a significant development in data protection legislation in Belarus, specifically focusing on personal data. It defined personal data, data subjects, data controllers, and data processors and set out the principles and conditions for personal data processing.

The law established the rights of data subjects, including the right to access, rectify, and delete their data, and introduced obligations for data controllers and processors. It also mandated the creation of a state data register.

Amendments and Developments

Since the introduction of the Law "On Personal Data," there have been various amendments and supplementary laws and regulations to address the evolving challenges in data protection. These include changes related to international cooperation, cross-border data transfers, and specific sectors such as healthcare, finance, and telecommunications.

Lack of a Specialized Data Protection Authority

Unlike many other countries, Belarus does not have a specialized independent data protection authority. The responsibility for overseeing and enforcing data protection laws falls under various governmental bodies, such as the Operational and Analytical Center under the President of the Republic of Belarus.

International Alignment

Belarus is not part of the European Union, and its data protection laws are not directly aligned with the EU's General Data Protection Regulation (GDPR). However, the country has shown some interest in harmonizing its data protection laws with international standards, particularly as it seeks to foster international trade and cooperation.


Belarus's history of data protection is marked by gradual development and adaptation to the challenges posed by technological advancements. While there have been significant legislative efforts, the country's data protection framework is still evolving, and there may be opportunities for further alignment with international standards and best practices. The establishment of a specialized independent authority for data protection and continued investment in education and awareness may also be crucial for the effective implementation and enforcement of data protection laws in Belarus.

Belarus is not a member of the European Union (EU), and as such, the General Data Protection Regulation (GDPR) does not directly apply within the country. However, Belarusian businesses and organizations that offer goods or services to individuals in the EU or monitor the behavior of EU residents must comply with the GDPR.

This guide will outline key principles, regulations, and practices related to data protection in Belarus, highlighting aspects relevant to the GDPR when dealing with personal data of EU residents.


Belarusian Data Protection Legislation

The primary legal framework governing data protection in Belarus is the Law "On Personal Data," enacted in 2008. It sets forth principles, rights, and obligations related to personal data processing and applies to both electronic and manual data processing.

Key Principles

  1. Legality and Transparency: Personal data must be collected and processed lawfully and transparently.

  2. Purpose Limitation: Data should be collected for specific, legitimate purposes and not processed further in a way incompatible with those purposes.

  3. Data Minimization: Data collection should be relevant and limited to what is necessary for the intended purpose.

  4. Accuracy: Personal data should be accurate, and necessary steps should be taken to ensure that inaccurate data is corrected or deleted.

Rights of Data Subjects

Individuals in Belarus have specific rights concerning their personal data:

  • Right to Access: Individuals can request information about their personal data being processed.

  • Right to Rectification: Individuals have the right to correct or update their personal data.

  • Right to Deletion: In certain circumstances, individuals can request the deletion of their personal data.

Obligations of Data Controllers and Processors

Organizations handling personal data must adhere to specific obligations:

  • Notification Requirement: Data controllers must register with the state data register.

  • Security Measures: Implementing proper security measures to protect personal data against unauthorized access, loss, or destruction is required.

GDPR Compliance for Belarusian Entities Dealing with the EU

Belarusian entities processing the personal data of EU residents must comply with the GDPR. Here are some essential steps for compliance:

  • Understand GDPR Requirements: Understanding the scope and requirements of the GDPR is crucial. This includes the principles of data processing, rights of data subjects, and obligations of data controllers and processors.

  • Implement Appropriate Measures: Adopting security measures, privacy policies, and procedures in line with GDPR requirements.

  • Appoint a Data Protection Officer (DPO): If applicable, appoint a DPO to oversee compliance with the GDPR.

  • Ensure Legal Grounds for Data Processing: Make sure to have a legitimate basis for processing personal data, such as consent or a contractual necessity.

  • Prepare for Cross-Border Data Transfers: If transferring personal data outside the EU, ensure appropriate safeguards like Standard Contractual Clauses (SCCs) or adherence to an Adequacy Decision.

Conclusion

While the GDPR does not directly govern data protection in Belarus, its principles and requirements may still apply to Belarusian businesses and organizations dealing with the personal data of EU residents. It is advisable to consult with legal experts familiar with both Belarusian law and the GDPR to ensure compliance and mitigate potential risks. Additionally, keeping an eye on Belarus's evolving data protection landscape and any efforts to align with international standards is essential for businesses operating in or with the country.

Comments


bottom of page