DLA Piper Intelligence

Data Protection
Laws of the World

Law

Azerbaijan
Azerbaijan

Law on Personal Information dated 11 May 2010.

Last modified 15 Feb 2022
Law
Azerbaijan

Law on Personal Information dated 11 May 2010.

Last modified 15 Feb 2022
Definitions

Definition of Personal Data

Any information allowing to identify a person, directly or indirectly, is considered personal data.

Definition of Sensitive Personal Data

Personal data of special category includes information relating to race or nationality of an individual, his/her family life, religion and belief, health or conviction.

Last modified 15 Feb 2022
Authority

The major regulator/enforcement authority (DPA) is the Ministry of Digital Development and Transport. 

In addition, the other designated state authorities which are vested in powers to enforce applicable data protection/privacy laws, within the scope of their competences, include the Ministry of Internal Affairs, the Ministry of Justice, the State Security Service, and the Special State Protection Service.

Last modified 15 Feb 2022
Registration

Information systems of personal data must be registered with the DPA. There are also certain exemptions from such registration requirement.

Last modified 15 Feb 2022
Data Protection Officers

The DPA, through its officers, may demand elimination of violations of statutory requirements by legal entities and individuals, also take necessary actions for holding accountable persons who breached the statutory requirements regarding collection, processing and protection of personal data. 

Last modified 15 Feb 2022
Collection & Processing

Collection and processing of personal data can be implemented either with obtaining a prior consent of a data subject or when the data is of open category (i.e. non-confidential).

Last modified 15 Feb 2022
Transfer

Transfer of personal data can be performed with a prior written consent of a data subject, unless the data is of open category.

Last modified 15 Feb 2022
Security

Adequate level of protection of personal data should be provided by owners of operators of personal data.

Last modified 15 Feb 2022
Breach Notification

There is no specific requirement as to notification of the DPA by the owner or operator of personal data about breach.

Last modified 15 Feb 2022
Enforcement

If the rights of a data subject are breached as a result of the illegal collection and processing of personal data, inadequate protection of such data, or non-compliance with the statutory requirements, the data subject may claim for compensation of material and moral damages sustained by him/her through the local court.

Last modified 15 Feb 2022
Electronic Marketing

No consent of a recipient is required for e-mail marketing, provided only that service providers must establish a registration system for persons who wish to opt out from receiving marketing materials, and comply with such system. 

Last modified 15 Feb 2022
Online Privacy

There are no rules directly regulating use of cookies in Azerbaijani legislation. However, if cookies contain any personal data, the Azerbaijani data protection rules will apply as to the use of such cookies. 

If a data subject cannot be identified just based on location data, it would unlikely be deemed as personal data, falling outside the scope of personal data protection related requirements.

Last modified 15 Feb 2022
Contacts
Ismail Askerov
Ismail Askerov
Senior Partner
MGB Law Offices
T +99412 493 6669
Lala Hasanova
Lala Hasanova
Senior Associate
MGB Law Offices
T +99412 493 6669
Last modified 15 Feb 2022