The PDP, A New Standard for Data Privacy Rights in Belarus

The PDP, A New Standard for Data Privacy Rights in Belarus

The Law of 7 May 2021 No. 99-Z on Personal Data Protection, also known as the PDP for short, is a data protection law that was recently passed in Belarus in May of 2021 and comes into effect in November of 2021. As Belarus is not a member of the European Union, the country does not fall under the jurisdiction of the General Data Protection Regulation or GDPR. To this point, the PDP provides data subjects within Belarus with a similar level of protection as is offered to residents of EU member states through the General Data Protection Regulation. As such, the PDP lay out the requirements and obligations for data controllers and processors within Belarus as it relates to the collection, processing, and disclosure of personal data.

What is the scope and application of the PDP?

As it relates to the personal scope of the PDP, the law is in contrast to many other data privacy laws around the world in that it sets forth various categories of individuals who are involved in data processing, as opposed to simply data controllers and processors. To this extent, the PDP sets the following roles with respect to the collection, processing, use, transfer, distribution, and disclosure of personal data within Belarus:

Alternatively, the PDP does not specify any territorial scope as it relates to the law, as the provisions of the law are applicable to data that is processed within Belarus, while the definition of operator theoretically includes foreign data controllers and processors. However, clarification concerning the territorial scope of the law is expected to be provided in the future. Additionally, the material scope of the PDP covers all personal data that is processed within Belarus, irrespective of whether said processing is done using automated or non-automated methods or tools.

What are the obligations of individuals and organizations under the PDP?

In keeping with the similarities between the PDP and the EU’s GDPR law, the PDP also establishes various principles in regard to the safeguarding of personal data. These principles include:

What are the rights of data subjects under the PDP?

As one of the main reasons for the passing of the PDP was to ensure that data subjects within Belarus were provided with a similar level of data protection and privacy as is afforded to citizens of EU member states, the PDP offers many of the same rights as is offered by the General Data Protection Regulation. Such rights include the right to be informed, the right to access, the right to rectification, and the right to erasure. Additionally, the PDP also provides data subjects with the right to object or opt-out of consent, the right not to be subject to data processing decisions made solely on the basis of automated processing, and the right to data portability. What’s more, the PDP also provides Belarusian citizens with the right to both permit and restrict access to their personal data, as well as to determine the conditions under which their personal data can be processed.

In terms of the punishments that can be imposed against individuals and organizations who fail to maintain compliance with the law, the PDP is enforced by the Belarusian Data Protection Authority of DPA for short. To this end, the PDP contains provisions that allow for criminal, civil, and administrative liabilities to be brought against parties who violate the law. As such, punishment for non-compliance under the law includes:

As the nation of Belarus is not a part of the European Union and has not ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data or Convention 108 for short, the country needed a law that would provide its citizens a level of data protection that was on par with their European counterparts. This was achieved through the passing of the PDP in May of this year, as the provisions of the law are vast and the punishments for failing to comply with these provisions are steep. As such, Belarusian citizens can have the peace of mind that their personal data and by extension their personal privacy are being protected at all times.

Related Reads