Last modified 15 February 2022

Data Protection in Azerbaijan

Electronic marketing in Azerbaijan

Download PDF

Download current country

Change countries

Change country

Law

Data protection laws in Azerbaijan

Law on Personal Information dated 11 May 2010.

Related resources

Definitions

Definitions in Azerbaijan

Definition of Personal Data

Any information allowing to identify a person, directly or indirectly, is considered personal data.

Definition of Sensitive Personal Data

Personal data of special category includes information relating to race or nationality of an individual, his/her family life, religion and belief, health or conviction.

Authority

National data protection authority in Azerbaijan

The major regulator/enforcement authority (DPA) is the Ministry of Digital Development and Transport.

In addition, the other designated state authorities which are vested in powers to enforce applicable data protection/privacy laws, within the scope of their competences, include the Ministry of Internal Affairs, the Ministry of Justice, the State Security Service, and the Special State Protection Service.

Registration

Registration in Azerbaijan

Information systems of personal data must be registered with the DPA. There are also certain exemptions from such registration requirement.

Data protection officers

Data protection officers in Azerbaijan

The DPA, through its officers, may demand elimination of violations of statutory requirements by legal entities and individuals, also take necessary actions for holding accountable persons who breached the statutory requirements regarding collection, processing and protection of personal data.

Collection and processing

Collection and processing in Azerbaijan

Collection and processing of personal data can be implemented either with obtaining a prior consent of a data subject or when the data is of open category (i.e. non-confidential).

Related resources

Transfer

Transfer in Azerbaijan

Transfer of personal data can be performed with a prior written consent of a data subject, unless the data is of open category.

Related resources

Security

Security in Azerbaijan

Adequate level of protection of personal data should be provided by owners of operators of personal data.

Related resources

Breach notification

Breach notification in Azerbaijan

There is no specific requirement as to notification of the DPA by the owner or operator of personal data about breach.

Related resources

Enforcement

Enforcement in Azerbaijan

If the rights of a data subject are breached as a result of the illegal collection and processing of personal data, inadequate protection of such data, or non-compliance with the statutory requirements, the data subject may claim for compensation of material and moral damages sustained by him/her through the local court.

Electronic marketing

Electronic marketing in Azerbaijan

No consent of a recipient is required for e-mail marketing, provided only that service providers must establish a registration system for persons who wish to opt out from receiving marketing materials, and comply with such system.

Online privacy

Online privacy in Azerbaijan

There are no rules directly regulating use of cookies in Azerbaijani legislation. However, if cookies contain any personal data, the Azerbaijani data protection rules will apply as to the use of such cookies.

If a data subject cannot be identified just based on location data, it would unlikely be deemed as personal data, falling outside the scope of personal data protection related requirements.