SecurePrivacy Logo

Belarus Personal Data Protection Law

View Law Text
Maximum Fine
BYN 200,000
Scope
National
Regulator
NCPDP
Enacted
2021

Need Help with Belarus Personal Data Protection Law Compliance?

Get expert guidance on implementing Belarus's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Personal Data Protection Law establishes comprehensive requirements for the processing of personal data in Belarus, enforced by the National Center for Personal Data Protection.

Key Facts

  • Enacted in 2021
  • Enforced by National Center for Personal Data Protection
  • Includes data localization requirements

Key Principles

Lawful Processing

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain valid consent
  • Identify legal basis
  • Document processing grounds
  • Regular compliance reviews
  • Maintain processing records

Examples

  • Consent mechanisms
  • Legal basis documentation
  • Processing records
  • Compliance reports

Data Security

Implementation of appropriate security measures to protect personal data.

Requirements

  • Implement security controls
  • Regular risk assessments
  • Staff training
  • Incident response plans
  • Security monitoring

Examples

  • Security policies
  • Training programs
  • Incident procedures
  • Monitoring systems

Data Localization

Requirements for storing and processing personal data within Belarus.

Requirements

  • Local storage implementation
  • Cross-border transfer controls
  • Regular audits
  • Compliance monitoring
  • Documentation maintenance

Examples

  • Storage policies
  • Transfer procedures
  • Audit reports
  • Compliance records

Compliance Requirements

Registration Requirements

Organizations must register their data processing activities with the National Center for Personal Data Protection.

Implementation Steps

  • Submit registration application
  • Document processing activities
  • Pay registration fees
  • Maintain registration records
  • Update when changes occur

Required Documentation

  • Registration certificates
  • Processing records
  • Payment receipts
  • Update history
  • Change notifications

Cross-Border Transfers

Requirements for transferring personal data outside Belarus.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain necessary approvals
  • Document transfer mechanisms
  • Monitor compliance

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Authority approvals
  • Transfer records
  • Monitoring logs

Security Requirements

Implementation of appropriate technical and organizational security measures.

Implementation Steps

  • Conduct risk assessments
  • Implement security controls
  • Train staff on security
  • Regular security audits
  • Incident response planning

Required Documentation

  • Security policies
  • Risk assessments
  • Training records
  • Audit reports
  • Incident response plans

Enforcement & Penalties

Administrative Penalties

The National Center for Personal Data Protection can impose administrative penalties for violations.

Penalty Categories

Severe Violations
Up to BYN 200,000
For serious breaches of data protection requirements
Processing Violations
Up to BYN 100,000
For unauthorized processing of personal data
Registration Failures
Up to BYN 50,000
For failure to register or maintain registration

Example Cases

Technology Company
BYN 150,000
2023 - Unauthorized data transfers outside Belarus
Financial Institution
BYN 80,000
2022 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to BYN 200,000 and imprisonment
For deliberate violations of the law
False Information
Up to BYN 100,000
For providing false information to authorities
Obstruction
Up to BYN 50,000
For obstructing investigations

Example Cases

Data Breach Case
BYN 180,000
2023 - Intentional concealment of major data breach
Compliance Violation
BYN 120,000
2022 - Repeated non-compliance with authority orders