DLA Piper Intelligence

Data Protection
Laws of the World

Law

Belarus
Belarus

The main legal acts regulating personal data protection in Belarus are the Law on Information, Informatisation and Information Protection of 10 November 2008 No. 455 Z (the "Information Protection Law") and the Law on Population Register of 21 July 2008 No. 418 Z (the "Population Register Law").

The acts implemented within the framework of the Eurasian Economic Union should also be taken into consideration, eg the Protocol on Informational Communication Technologies and Informational Interaction within the Eurasian Economic Union, Annex 3 to the Treaty on the Eurasian Economic Union of 29 May 2014.

In 2017, the concept of a new Law on Personal Data was introduced and approved by the President of Belarus. It is expected that a draft Law on Personal Data will be submitted to the parliament by April 2019. 

Last modified 26 Jan 2018
Law
Belarus

The main legal acts regulating personal data protection in Belarus are the Law on Information, Informatisation and Information Protection of 10 November 2008 No. 455 Z (the "Information Protection Law") and the Law on Population Register of 21 July 2008 No. 418 Z (the "Population Register Law").

The acts implemented within the framework of the Eurasian Economic Union should also be taken into consideration, eg the Protocol on Informational Communication Technologies and Informational Interaction within the Eurasian Economic Union, Annex 3 to the Treaty on the Eurasian Economic Union of 29 May 2014.

In 2017, the concept of a new Law on Personal Data was introduced and approved by the President of Belarus. It is expected that a draft Law on Personal Data will be submitted to the parliament by April 2019. 

Last modified 26 Jan 2018
Definitions

Definition of personal data

According to the Information Protection Law personal data consist of 'basic' and 'additional' personal data of an individual which are subject to the admission to the population registry, as well as other data which allow the identification of such an individual. The basic personal data are defined by the Population Register Law as a closed list of the data including:

  • name;
  • surname;
  • birth date;
  • citizenship; and
  • address details.

The additional personal data are also defined by the Population Register Law as a closed list of the data, including e.g. data on:

  • a spouse;
  • children;
  • relatives;
  • tax obligation; and
  • education etc.

Belarus law does not define the notion of "other data which allow the identification of an individual".

Definition of sensitive personal data

There is currently no concept of sensitive personal data under Belarus law.

Last modified 26 Jan 2018
Authority

There are two main authorities occupied primarily with overseeing data protection: Operational and Analytical Centre under the President of the Republic of Belarus (the "Centre") and the Ministry of Communications and Informatisation of the Republic of Belarus (the "Ministry").  

Last modified 26 Jan 2018
Registration

Belarus law does not require the registration of information systems (e.g. databases) that contain personal data or to register as a processor of personal data for private owned information systems.  For state information systems Belarus law requires registration with the Ministry regardless whether any personal data are processed in it.  Such registration can be carried out for private owned information systems voluntarily.  According to the Information Protection Law state information systems are information systems created and/or acquired at the expense of state or local budgets, state off-budget funds, or by means of state legal entities.

Last modified 26 Jan 2018
Data Protection Officers

State bodies and legal entities which are carrying out personal data processing shall establish special departments or select employees who are responsible for information protection.  If technical methods of information protection are used, e.g. encryption, such state bodies and legal entities must establish a special department for technical information protection.  

Last modified 26 Jan 2018
Collection & Processing

Collection and processing of personal data are subject to the following mandatory conditions:

  • to be carried out only with a written consent of the individual to which the personal data belong;
  • to be carried out in information systems equipped with information protection systems using technical and cryptographic means of protection certified in accordance with Belarus law; and
  • to be carried out having implemented certain legal, organisational and technical measures for personal data protection.

The legal measures may include concluding agreements with an individual whose personal data are collected and processed. Such agreements should stipulate the terms of personal data usage, as well as parties responsibility for breach of such terms.

The organisational measures may include establishing a special entrance regime to the premises where the collection and processing are carried out, and designate a list of employees who can have an access to such premises and data.

The technical measures may include using cryptography and other possible measures of control over information protection to be carried out by state bodies and legal entities on the condition that a special department or employees are selected to oversee information protection in such state bodies and legal entities.

Last modified 26 Jan 2018
Transfer

According to the Information Protection Law, transfer of personal data shall be carried out with written consent of the individual to whom the personal data transferred belongs. There are no specific requirements established for transfer of personal data from Belarus to abroad.

In practice, the employers receiving the personal data of their employees carry out possible measures (legal, organisational, technical etc.) to prevent illegal distribution of personal data and comply with Information Protection Law requirements.

Last modified 26 Jan 2018
Security

Legal entities and/or individuals using personal data shall carry out in accordance with Belarus law appropriate legal, organisational, technical measures of information protection in order to protect personal data from illegal distribution.

Last modified 26 Jan 2018
Breach Notification

There are no requirements under Belarus law to report personal data protection breaches either to the state authorities, or the individuals whose personal data are concerned.

Mandatory breach notification

There are no mandatory requirements under Belarus law to report personal data protection breaches either to the state authorities, or the individuals whose personal data are concerned.

Last modified 26 Jan 2018
Enforcement

Enforcement of the Law on Information Protection is primarily carried out by the Ministry and the Centre.  Currently Belarus law does not provide for any liability for the breach of the regulation on personal data protection.  Belarus law does provide for administrative liability in the form of a fine with (or without) a confiscation of the information protection means used, if applying information protection systems and/or using technical and cryptographic means of protection that are not certified in accordance with Belarus law.  The administrative fine amounts up to 20 basic units (approx.  EUR 221 as of 11 January 2017) for individuals and up to 200 basic units (EUR 2,211 as of 11 January 2017) for legal entities.

Last modified 26 Jan 2018
Electronic Marketing

Electronic marketing is subject to the rules established by the Law on Advertising of 10 May 2007 No. 225 Z (the "Advertising Law") and the Law on Mass Media of 17 June 2008 No. 427 Z (the "Mass Media Law").

According to the Advertising Law names, pen names, images or expressions of Belarusian citizens cannot be used in advertisements without their consent. Distribution of advertisements by means of telecommunication networks (e.g. telephone, telex, facsimile, mobile telephone communications, email) can be carried out only with the consent of the subscriber or the addressee. The advertisement distributor is obliged to immediately stop the distribution of advertising to a subscriber or an addressee who made such a demand.

Individuals and entities whose rights have been violated as a result of the manufacture and distribution of advertisement are entitled to refer to the court with the corresponding claims.

According to the Law on Mass Media, the distribution of information messages and/or material prepared with the use of audio , video recording, motion picture photography and photography containing the image of an individual in the mass media without his consent is allowed only when taking measures against possible identification of this individual by third parties, as well as on condition that the constitutional freedoms and rights are not violated and such distribution is carried out in the public interest. These requirements are not applicable when the distribution is required by the court or enforcement agencies.

Last modified 26 Jan 2018
Online Privacy

Belarus law does not specifically regulate online privacy. However, the general requirements applicable to personal data protection apply. 

Last modified 26 Jan 2018
Contacts
Kaupo Lepasepp
Kaupo Lepasepp
Partner
T +372 6 400 900
Mihkel Miidla
Mihkel Miidla
Senior Associate, Head of Technology & Data Protection
T +372 6 400 959
Last modified 26 Jan 2018