The Constitution of the Kyrgyz Republic prohibits collection, storage, use and dissemination of confidential information, private life information is not allowed without consent confidential / private life information subject.

More detailed regulation of personal data may be found in the Law of the Kyrgyz Republic on Personal Data No.58 dated 14 April 2008 ('The Law on Personal Data'), which entered into force on 18 April 2008. The most recent amendments were made to the Law on Personal Data on 29 November 2021. These amendments state that rules of processing of personal data for purposes of protection of the rights of participants in criminal proceedings is determined by the Cabinet of Ministers of the Kyrgyz Republic.

The Law on Personal Data is directed at legal regulation of work with personal data based on the standard international norms and principles according to the Constitution of the Kyrgyz Republic and laws of the Kyrgyz Republic is necessary first of all for assuring human personal rights and freedoms relating to the personal data gathering, processing and use. 

The Law on Personal Data regulates relations arising at work with personal data, irrespective of the applied information processing means, except the work realization with the personal data, with its further transfer to the third persons.

Additional requirements to collection, use and transfer of personal data can be found in the following normative-legal acts:

• Procedure for Obtaining Consent of Personal Data Subject on Collection and Processing of its Personal Data, the Procedure and Form of Notification of Personal Data Subject on Transfer of their Personal Data to a Third Party approved by the Regulation of the Government of the Kyrgyz Republic dated 21 November 2017 # 759;
• Requirements for Ensuring the Security and Protection of Personal Data During their Processing in Personal Data Information Systems, the Implementation of Which Ensures the Established Levels of Protection of Personal Data approved by Regulation of the Government of the Kyrgyz Republic dated 21 November 2017 # 760; and
• Procedure for registration of holders (owners) of arrays of personal data, arrays of personal data and lists of personal data in the Register of holders (owners) of arrays of personal data approved by Regulation of the Cabinet of Ministers of the Kyrgyz Republic dated 18 November 2022 #638.

According to Article 30 of the Law on Personal Data - arrays of personal data and holders (owners) of these arrays are subject to mandatory registration with the State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic.

However, the Law does not specify if only local entities may be considered as a holder of personal data array or if this concept includes foreign entities as well. It shall be noted that the current registration procedure allows the registration only for local entities as the electronic registration system requires submission of local registration data. 

Given that there is no practical possibility to be registered as a holder of personal data array we believe that this requirement do not apply to the foreign legal entities.

The most recent amendments were made to the Law on Personal Data on 12 July 2022. These amendments include that part 5 and 6 of article 6 are stated as follows:

• At the request of the subject of personal data, the mode of public access to information (bibliographic directories, telephone and address books, private announcements, etc.) can be established. Exceptions are cases when information must be public in cases of administration of justice and execution of a judicial act, as well as in cases provided for by the laws of the Kyrgyz Republic in the field of electronic governance, national security, countering terrorism and corruption, operational-search activities and other cases determined by laws of the Kyrgyz Republic.
• From the moment of state registration of the death of the subject of personal data, the person is assigned the status of "deceased". The personal data of the deceased subject are subject to archiving and storage.¹