Personal data protection services according to No. ZRU-547

mdtech PROVIDES A FULL RANGE OF PERSONAL DATA PROTECTION SERVICES FOR BUSINESS AND GOVERNMENT COMPANIES IN UZBEKISTAN

Creating an information and personal data protection system is a mandatory requirement for companies operating in Uzbekistan. With the strengthening of control by the State Inspectorate for Control in the Sphere of Informatization and Telecommunications ("Uzkomnazorat") and the Cybersecurity Center, the absence of a reliable protection system turns data processing into a high-risk zone. Data leaks can lead to significant fines and the suspension of organizational activities.

Modern threats—attacks on cloud storage, software vulnerabilities, and human error—require not only technological solutions but also strict compliance with the Law of the Republic of Uzbekistan No. ZRU-547 "On Personal Data."

PLEASE NOTE! Outdated security protocols, incompatibility of used software with national standards, and regular updates in legislation make independent system development an extremely risky practice.

---

Law of the Republic of Uzbekistan No. ZRU-547 "On Personal Data"

Law No. ZRU-547 (dated July 2, 2019) regulates relations associated with the processing of personal data of citizens of Uzbekistan. Its main goal is to protect human rights and freedoms during data processing and to prevent unauthorized access to confidential information.

The law establishes strict requirements for the collection, systematization, and storage of data, including data localization (mandatory storage on servers physically located within the territory of the Republic of Uzbekistan).

Who Must Comply with the Law?

Any legal entity in Uzbekistan that collects and processes public data. This includes:

• Banks and financial organizations;

• Retail and loyalty systems;

• Educational and medical centers;

• Online services and e-commerce.

If your company operates with data such as Full Name, address, phone number, passport details (PINFL), or biometric data, you are the owner and (or) operator of a personal data database and must comply with the law.

What is the Liability?

In Uzbekistan, administrative and criminal liability is provided for violations of personal data legislation (Article 141-2 of the Administrative Liability Code and Article 141-2 of the Criminal Code of the Republic of Uzbekistan). Violations such as illegal collection or storage of data, or failure to comply with server localization requirements, lead to:

• Substantial monetary fines (calculated in BRV — Base Calculating Value);

• Confiscation of equipment;

• Suspension of information systems by the regulator.

---

Work Stages for Compliance with ZRU-547

1. Expert Audit: Analysis of current data processing, checking infrastructure for compliance with Uzbekistan's national standards.

2. Threat Modeling: Assessment of potential attack vectors and identification of vulnerabilities specific to your business type.

3. Security Planning: Designing the architecture of Information Security Tools (IST) in accordance with Uzkomnazorat and Cybersecurity Center requirements.

4. Documentation Development: Preparing a full package of documents: regulations, instructions, and privacy policies compliant with Uzbek law.

5. Implementation: Deploying certified hardware and software protection tools and ensuring data localization within Uzbekistan.

6. Support and Registration: Assisting in the registration of personal data databases in the State Register and providing ongoing technical support.