DLA Piper Intelligence

Data Protection
Laws of the World

Law

Belarus
Belarus

The main legal acts regulating personal data protection in Belarus are the Law on Information, Informatisation and Information Protection of 10 November 2008 No. 455 Z (hereinafter referred to as the 'Information Protection Law') and the Law on Population Register of 21 July 2008 No. 418 Z (hereinafter referred to as the 'Population Register Law').

The acts implemented within the framework of the Eurasian Economic Union should also be taken into consideration, eg the Protocol on Informational Communication Technologies and Informational Interaction within the Eurasian Economic Union, Annex 3 to the Treaty on the Eurasian Economic Union of 29 May 2014.

On 14 December 2016 the draft Law on Personal Data was approved by the Council on Legal and Judicial Activity under the President of the Republic of Belarus. It is expected that the draft Law on Personal Data shall be submitted for the President's approval by September 2017.

Last modified 26 Jan 2017
Law
Belarus

The main legal acts regulating personal data protection in Belarus are the Law on Information, Informatisation and Information Protection of 10 November 2008 No. 455 Z (hereinafter referred to as the 'Information Protection Law') and the Law on Population Register of 21 July 2008 No. 418 Z (hereinafter referred to as the 'Population Register Law').

The acts implemented within the framework of the Eurasian Economic Union should also be taken into consideration, eg the Protocol on Informational Communication Technologies and Informational Interaction within the Eurasian Economic Union, Annex 3 to the Treaty on the Eurasian Economic Union of 29 May 2014.

On 14 December 2016 the draft Law on Personal Data was approved by the Council on Legal and Judicial Activity under the President of the Republic of Belarus. It is expected that the draft Law on Personal Data shall be submitted for the President's approval by September 2017.

Last modified 26 Jan 2017
Definitions

Definition of personal data

According to the Information Protection Law personal data are basic and additional personal data of an individual which are subject to the admission to the population registry, as well as other data which allow identifying such an individual. The basic personal data are defined by the Population Register Law as a closed list of the data including:

  • name
  • surname
  • birth date
  • citizenship
  • address details.

The additional personal data are also defined by the Population Register Law as a closed list of the data including eg data on:

  • a spouse
  • children
  • relatives
  • tax obligation
  • education etc.

Belarus law does not define the notion 'other data which allow identifying individual'.

Definition of sensitive personal data

There is no concept of sensitive personal data under Belarus law currently.

Last modified 26 Jan 2017
Authority

There are two main authorities occupied primarily with overseeing data protection: Operational and Analytical Centre under the President of the Republic of Belarus (hereinafter referred to as the 'Centre') and the Ministry of Communications and Informatisation of the Republic of Belarus (hereinafter referred to as the 'Ministry').  

Last modified 26 Jan 2017
Registration

Belarus law does not require the registration of information systems (eg databases) that contain personal data or to register as a processor of personal data for private owned information systems.  For state information systems Belarus law requires registration with the Ministry regardless whether any personal data are processed in it.  Such registration can be carried out for private owned information systems voluntarily.  According to the Information Protection Law state information systems are information systems created and (or) acquired at republican or local budget costs, state off budget funds costs, as well as at state legal entities costs.

Last modified 26 Jan 2017
Data Protection Officers

State bodies and legal entities which are carrying out personal data processing shall establish special departments or select employees who are going to be responsible for the information protection in such a state body or a legal entity.  If technical methods of information protection are used, eg encryption, there shall be a special department on technical information protection established by such state bodies and legal entities.  

Last modified 26 Jan 2017
Collection & Processing

Collection and processing of personal data are subject to the following mandatory conditions:

  • to be carried out only with a written consent of the individual to which the personal data belong
  • to be carried out in information systems equipped with information protection systems using technical and cryptographic means of protection certified in accordance with Belarus law
  • to be carried out with implementing certain legal, organisational and technical measures of personal data protection.

The legal measures may include concluding agreements with an individual whose personal data are collected and processed. Such agreements should stipulate the terms of personal data usage, as well as parties responsibility for breach of such terms.

The organisational measures may include establishing a special entrance regime to the premises where the collection and processing are carried out, and design a list of employees which can have an access to such premises and data.

The technical measures may include using cryptography and other possible measures of control over information protection to be carried out by state bodies and legal entities on condition that a special department or employees are selected for overviewing information protection in such state bodies and legal entities.

Last modified 26 Jan 2017
Transfer

According to the Information Protection Law, transfer of personal data shall be carried out with written consent of the individual to whom the personal data transferred belongs. There are no specific requirements established for transfer of personal data from Belarus to abroad.

In practise, the employers receiving the personal data of their employees carry out possible measures (legal, organisational, technical etc.) to prevent illegal distribution of personal data and comply with Information Protection Law requirements.

Last modified 26 Jan 2017
Security

The legal entities and (or) individuals using personal data shall carry out in accordance with Belarus law appropriate legal, organisational, technical measures of information protection in order to establish personal data protection from their illegal distribution.

Last modified 26 Jan 2017
Breach Notification

There are no requirements under Belarus law to report the personal data protection breaches either to the state authorities, or the individuals whose personal data are concerned.

Mandatory breach notification

There are no mandatory requirements under Belarus law to report the personal data protection breaches either to the state authorities, or the individuals whose personal data are concerned.

Last modified 26 Jan 2017
Enforcement

Enforcement of the Law on Information Protection is primarily carried out by the Ministry and the Centre.  Currently Belarus law does not provide for any liability for the breach of the regulation on personal data protection.  Belarus law does provide for administrative liability in the form of a fine with (or without) a confiscation of the information protection means used, if applying information protection systems and (or) using technical and cryptographic means of protection that are not certified in accordance with Belarus law.  The administrative fine amounts up to 20 basic units (approx.  EUR 221, as of 11 January 2017) for individuals and up to 200 basic units (EUR 2 211 as of 11 January 2017) for legal entities.

Last modified 26 Jan 2017
Electronic Marketing

Electronic marketing is subject to the rules established by the Law on Advertising of 10 May 2007 No. 225 Z (hereinafter referred to as the 'Advertising Law') and the Law on Mass Media of 17 June 2008 No. 427 Z (hereinafter referred to as the 'Mass Media Law').

According to the Advertising Law names, pen names, images or expressions of the Belarusian citizens cannot be used in the advertisement without their consent. Distribution of advertisements by means of telecommunication networks eg telephone, telex, facsimile, mobile telephone communications, e mail can be carried out only with consent of a subscriber or an addressee. The advertisement distributor is obliged to stop immediately the distribution of advertising to a subscriber or an addressee who made such a demand.

Individuals and entities the rights of which have been violated in the result of manufacture and distribution of advertisement are entitled to refer to the court with the corresponding claims.

According to the Law on Mass Media distributing information messages and/or material prepared with the use of audio , video recording, motion picture photography and photograph of an individual in the mass media without his consent is allowed only when taking the measures against possible identification of this individual by third parties, as well as on condition that the constitutional freedoms and rights are not violated and such distribution is carried out to the public interest. These requirements are not applicable to the cases when the distribution is required by the court, enforcement agencies.

Last modified 26 Jan 2017
Online Privacy

Belarus law does not specifically regulate on line privacy. General requirements applicable to the personal data protection shall be applicable. 

Last modified 26 Jan 2017
Contacts
Kaupo Lepasepp
Kaupo Lepasepp
Partner
T +372 6 400 900
Mihkel Miidla
Mihkel Miidla
Senior Associate, Head of Technology & Data Protection
T +372 6 400 959
Last modified 26 Jan 2017