Kyrgyzstan Law 58

Law on Personal Data Protection No. 58

Flag of KG
KyrgyzstanOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
April 14, 2008
Enacted
April 14, 2008
Enforcing Authority
State Agency for Personal Data Protection (under Cabinet of Ministers)
Consent Model
Opt-in
Applies To
Government and private sector entities processing personal data in the Kyrgyz Republic

Overview

Kyrgyzstan's 2008 Law on Personal Data Protection provides a basic framework for data protection. The May 2025 amendment introducing administrative liability is significant — the law previously lacked effective penalty mechanisms, making enforcement essentially toothless.

What This Means for Your Website

  • Consent is required for collecting and processing personal data of Kyrgyz visitors
  • New administrative liability provisions from May 2025 add enforcement teeth
  • Fines range from KGS 10,000 to 1,000,000 (~USD 110-11,000)
  • Restrictions on cross-border data transfers apply
  • Enforcement is growing but still minimal

Key Requirements

The State Agency for Personal Data Protection enforces the law with new administrative fines from May 2025. Previously, the absence of effective penalties made the law largely declarative. The introduction of liability represents a step toward practical enforcement.

How ConsentStack Handles This

ConsentStack applies consent-based processing for Kyrgyz visitors, supporting compliance as enforcement mechanisms strengthen.

Penalties

Fines from KGS 10,000 to KGS 1,000,000 (~USD 110-11,000). Administrative liability introduced May 2025.

Maximum Fine
KGS 1,000,000 per violation

Key Requirements

  • Consent required for collecting and processing personal data
  • Data protection obligations for data operators
  • Restrictions on cross-border data transfers
  • Security measures required for personal data storage
  • New administrative liability provisions from May 2025

Notable Provisions

  • May 2025 amendment introduced administrative liability — previously no effective penalties
  • Basic framework but enforcement historically minimal
  • Among Central Asian states showing minor enforcement activity

Other Central Asia Regulations

Kazakhstan LPDPKazakhstan
Kazakhstan's LPDP requires written consent before collecting personal data with detailed specifications. Data must be stored within Kazakhstan (data localization). A massive 2025 breach affecting 16 million individuals prompted proposals for criminal liability for mass leaks. Breach notification is required within one business day.
Uzbekistan PDLUzbekistan
Uzbekistan's 2019 law requires explicit consent for data collection, third-party provision, and cross-border transfers. Presidential Decree PP-153 (April 2025) marks a shift toward practical enforcement with compulsory breach notifications in the financial sector. A new AI regulation bill is under parliamentary review.
Tajikistan Law 1537Tajikistan
Tajikistan's 2018 data protection law provides a framework for personal data processing with consent requirements. Enforcement is in its infancy with very low penalties and minimal practical enforcement activity. The President determines the authorized enforcement body.
Turkmenistan Law 519-VTurkmenistan
Turkmenistan has the weakest data protection framework among Central Asian states. No dedicated data protection authority exists, penalties are very low (120-150 EUR for administrative violations), and practical enforcement is essentially non-existent. No Central Asian state has acceded to Council of Europe Convention 108+.

Frequently Asked Questions

What changed in Kyrgyzstan in May 2025?

Administrative liability for data protection violations was introduced, filling a previous gap where the law lacked effective penalty mechanisms.

What are Kyrgyzstan's penalties?

Fines from KGS 10,000 to 1,000,000 (~USD 110-11,000), plus daily fines for continued non-compliance.

Is Kyrgyzstan actively enforcing data protection?

Enforcement is growing but still minimal. The May 2025 liability amendments are expected to increase enforcement activity.

Stay compliant with Kyrgyzstan Law 58

ConsentStack helps you implement Opt-in consent for Kyrgyzstan automatically.

Get started free