Two compliance areas concern almost every company: lawful handling of personal data and counterparty screening. Both affect the company's exposure to fines and its reputation.
Personal data (Law No. 94-V)
Principles:
- processing with consent (except where the law provides otherwise);
- a defined and lawful purpose;
- proportionality of the volume of data processed;
- confidentiality and security;
- as a general rule — storage of Kazakhstan citizens' data on servers in Kazakhstan (localisation);
- cross-border transfer subject to conditions.
Implement: a policy and consent forms, a consent log, a responsible officer, protective measures, and a procedure for responding to data subjects' requests.
Counterparty screening
Screen counterparties via public registers: registration and status, beneficiaries, the register of unreliable suppliers, tax history, court disputes, sanctions lists. This reduces the risk of dealing with shell companies, of additional tax assessments and of reputational losses.
Anti-corruption
For work with the public sector and foreign partners, adopt internal anti-corruption policies (a ban on improper payments, rules on gifts and conflicts of interest).
This material is for reference only and does not constitute legal advice. Rules, deadlines and rates change — before acting, verify against primary sources (egov.kz, adilet.zan.kz, vmp.gov.kz) or consult the lawyers of SHANYRAQ Legal.