Since January 1, 2024, the Registry of Personal Data Operators will be launched in Belarus. The Registry launched in test mode today, December 15, 2023.
Companies shall enter certain data about information resources (systems) into the Registry when processing personal data using such resources.
In what cases the data shall be entered into the Registry?
Information about information resources (systems) is subject to inclusion in the Registry if via such resources are carried out:
- cross-border transfer of special personal data, if the territory of a foreign state does not ensure an adequate level of protection of the rights of personal data subjects, except for certain cases;
- processing of biometric and (or) genetic personal data;
- processing of personal data of more than one hundred thousand individuals;
- processing of personal data of more than ten thousand individuals under the age of sixteen.
Please note that only one of the above criteria is sufficient for inclusion requirements.
Terms and procedure of incusion into the Registry?
The terms for entering data into the Registry:
- not later than January 15, 2024 for existing information resources (systems);
- within 10 business days after launching – for those created after January 1, 2024.
Data entered into by personal data operators or its authorized person.
Data is entered in electronic form using the unified identification system of individuals and legal entities, or in the form of an application letter sent via the interdepartmental document management system or by mail.
The form of the application letter can be found at https://cpd.by/vnimaniju-operatorov-nachalos-beta-testirovanie-reestra-operatorov-personalnyh-dannyh/. Thus, it is necessary to enter in the Registry information about operator, authorized person, person responsible for internal control of personal data processing, information resource (system) itself and some others.
In case of failure to provide the above data in due time, there is a risk of administrative liability.
What does it mean?
From a practical standpoint, this means that dealing with the Registry will be necessary for large businesses handling a significant volume of personal data, companies transmitting personal data to foreign states that do not ensure an adequate level of protection for data subjects’ rights, as well as companies and institutions working with biometrics.
If you have any additional questions related to the personal data protection regulation, please contact our experts.
Author: Matsvei Haradnik
