The publication “Personal data protection in NGOs: challenges and solutions” was prepared by Kuralay Karakulova with the support of the IWPR Representative in Central Asia and the regional analytical platform CABAR.asia.
For citation and references to the material, it is necessary to indicate: Kuralay Karakulova, 2025, Personal data protection in NGOs: challenges and solutions (Policy Brief), CABAR.asia.
The publication states that in Kazakhstan, most public organizations (POs) lack specific, formalized regulations for handling personal data. Representatives of POs that formally have such regulations say that in practice, it is difficult to comply with all their requirements. Personal data protection measures are unsystematic and often implemented without a unified strategy or coordination. One important aspect is the topic of interaction with donors, who often require beneficiaries to provide their personal data.
In some cases, to confirm project implementation, services rendered, and budget utilization, donors request not only publicly available data such as full names, but also sensitive information, including copies of documents, medical certificates, social status information, and other information. Many organizations note that increasingly more beneficiaries are afraid to provide personal data due to the increasing incidence of cyber fraud. This is especially noticeable in projects that work with elderly groups. There is also concern that government agencies may gain access to internal data of organizations. The survey revealed that representatives of public organizations have little understanding of the measures, policies, and documents required within their organizations.
The publication provides specific recommendations to public organizations and government agencies on developing practical tools to protect the personal data of NGO employees.
This publication was funded by the European Union. Its contents are the sole responsibility of IWPR and do not necessarily reflect the views of the European Union.