Business & Immigration
 Get Free Consultation Now!
Share 0
Tweet 0
Pin 0
                                                    June 11, 2025

Data Subject Rights Under Armenian Law: Access, Rectification, Erasure, and Portability Obligations

Data Subject Rights Under Armenian Law: Access, Rectification, Erasure, and Portability Obligations

Armenia's robust data protection framework empowers individuals with comprehensive rights over their personal information. This guide explores the essential data subject rights under Armenian law and what they mean for businesses and individuals.

The Law of the Republic of Armenia on Protection of Personal Data (Law No. ZR-49), enacted in May 2015, establishes fundamental rights for data subjects—individuals whose personal information is processed by organizations, government bodies, or other entities. These rights form the cornerstone of privacy protection in Armenia, closely aligned with international standards including the EU's General Data Protection Regulation (GDPR).

Why Data Subject Rights Matter

Data subject rights ensure that individuals maintain control over their personal information in an increasingly digital world. For businesses operating in Armenia, understanding and implementing these rights is not just a legal obligation—it's essential for building trust and avoiding significant penalties.

Get Expert Armenian Data Protection Compliance Guidance

The Four Fundamental Data Subject Rights

Right to Access

Data subjects have the right to obtain confirmation about whether their personal data is being processed and, if so, access to that data along with detailed information about the processing activities.

  • Confirmation of data processing
  • Copy of personal data
  • Processing purposes and legal basis
  • Recipients of data

Right to Rectification

Individuals can request the correction of inaccurate personal data and the completion of incomplete data without undue delay from the data controller.

  • Correction of inaccurate data
  • Completion of incomplete data
  • Update outdated information
  • No cost to data subject

Right to Erasure

Also known as the "right to be forgotten," this allows data subjects to request deletion of their personal data when specific conditions are met.

  • Data no longer necessary
  • Consent withdrawn
  • Unlawful processing
  • Legal compliance requirement

Right to Data Portability

Data subjects can obtain their personal data in a structured, commonly used format and transmit it to another controller under certain circumstances.

  • Structured data format
  • Machine-readable format
  • Direct transmission possible
  • Applies to automated processing

Legal Framework and Requirements

Data Controller Obligations

  • Response Timeline: Controllers must respond to data subject requests without undue delay and within 30 days maximum
  • Identity Verification: Reasonable measures must be taken to verify the data subject's identity
  • Documentation: All requests and responses must be properly documented
  • Third-Party Notification: Recipients of personal data must be informed of rectifications or erasures

Enforcement Authority

Personal Data Protection Agency (PDPA)

The PDPA, operating under the Ministry of Justice, oversees compliance with data subject rights and has extensive enforcement powers.

  • Administrative fines up to 500,000 AMD
  • Processing prohibition orders
  • Compliance investigations
  • Registry maintenance duties

Practical Implementation Guide for Businesses

Implementing Access Rights

Essential Steps:

1. Request Processing System

  • • Establish clear intake procedures
  • • Create request tracking mechanisms
  • • Implement identity verification protocols

2. Data Inventory Management

  • • Maintain comprehensive data maps
  • • Document processing activities
  • • Track data recipients and transfers

Example Response Template: "We confirm that we process the following personal data about you: [detailed list]. This data is processed for [specific purposes] based on [legal grounds]. The data may be shared with [recipients] and will be retained until [retention period]."

Handling Rectification Requests

Implementation Framework:

Verification Process

Establish procedures to verify the accuracy of correction requests and validate the identity of requesters.

System Updates

Implement automated or manual processes to update data across all systems and notify relevant third parties.

Notification Protocol

Create systems to inform recipients of personal data about corrections made to ensure data consistency.

Managing Erasure Requests

Key Considerations:

Valid Erasure Grounds:
  • Personal data no longer necessary
  • Consent withdrawn (where consent was the legal basis)
  • Personal data unlawfully processed
  • Erasure required for legal compliance
Erasure Exceptions:
  • Legal obligation to retain data
  • Public interest or official authority
  • Freedom of expression and information
  • Legal claims establishment or defense

Facilitating Data Portability

Technical Requirements:

Structured Format Requirements

Data must be provided in a structured, commonly used, and machine-readable format such as CSV, JSON, or XML.

Example JSON format:
{
  "user_data": {
    "name": "John Doe",
    "email": "[email protected]",
    "registration_date": "2023-01-15"
  }
}
Implementation Scope

Portability applies only to data processed based on consent or contract performance, and only when processing is carried out by automated means.

Get Professional Compliance Implementation Support

Common Compliance Challenges and Solutions

Typical Challenges

Data Location Complexity

Personal data scattered across multiple systems, databases, and third-party services makes comprehensive access difficult.

Identity Verification Issues

Balancing security requirements with accessibility while preventing fraudulent requests.

Technical Implementation Costs

Developing and maintaining systems to handle data subject requests can be resource-intensive.

Cross-Border Coordination

Managing requests when data is processed by international partners or subsidiaries.

Practical Solutions

Implement Data Mapping

Create comprehensive data inventories and maintain updated records of all processing activities and data locations.

Develop Standard Procedures

Establish clear, documented processes for handling each type of data subject request with defined timelines and responsibilities.

Invest in Automation Tools

Deploy privacy management platforms that can automate request processing, identity verification, and data retrieval.

Establish Clear Agreements

Create contractual obligations with third parties regarding data subject request handling and response coordination.

Real-World Case Examples

Case Study: E-commerce Platform Access Request

Situation:

A customer requested access to all personal data held by an Armenian e-commerce platform, including purchase history, browsing data, and marketing preferences.

Challenges:

  • • Data spread across multiple systems
  • • Third-party payment processor involvement
  • • Historical data in legacy systems

Solution Implemented:

  • • Comprehensive data mapping exercise
  • • Coordination with payment processor
  • • Development of unified data export tool
  • • Structured response in PDF and CSV formats

Result: Full compliance achieved within 25 days, customer satisfaction maintained, and process documented for future requests.

Case Study: Healthcare Provider Erasure Request

Situation:

A former patient requested complete erasure of their medical records after switching to a different healthcare provider.

Legal Complexity:

  • • Medical record retention requirements
  • • Insurance claim dependencies
  • • Public health reporting obligations

Resolution Process:

  • • Legal analysis of retention obligations
  • • Partial erasure of non-essential data
  • • Clear explanation of retention necessity
  • • Documentation of compliance rationale

Result: Partial compliance with clear justification for data retention, avoiding potential PDPA enforcement action while maintaining legal obligations.

Need Help Navigating Complex Data Subject Rights Cases?

Penalties and Enforcement Landscape

Enforcement Actions and Penalties

Administrative Penalties

Financial Penalties:

  • • Up to 500,000 AMD per violation
  • • Cumulative for multiple violations
  • • Additional costs for investigation

Operational Penalties:

  • • Processing prohibition orders
  • • Mandatory system audits
  • • Public reporting of violations

Recent Enforcement Trends

• The PDPA has significantly increased enforcement activities, with a 30% rise in administrative cases handled

• Focus areas include inadequate response to data subject requests and insufficient security measures

• Repeat offenders face escalated penalties and enhanced monitoring

• Cross-border data transfer violations are receiving particular attention

Risk Mitigation

Protection Strategies

  • Proactive compliance programs
  • Regular staff training initiatives
  • Automated request handling systems
  • Legal counsel consultation
  • Industry best practice adoption
  • Continuous monitoring and auditing
Professional Support

Expert legal guidance can significantly reduce compliance risks and associated costs.

Explore professional compliance services →

Best Practices and Recommendations

Operational Excellence

Establish Clear Procedures

Develop standardized workflows for each type of data subject request, including escalation procedures for complex cases.

Implement Technology Solutions

Leverage privacy management platforms and automated tools to streamline request processing and ensure consistency.

Regular Training Programs

Ensure all staff understand data subject rights and their role in the compliance process through ongoing education.

Performance Metrics

Key Performance Indicators

Average Response Time ≤ 15 days
Request Completion Rate ≥ 95%
Data Subject Satisfaction ≥ 4.5/5
Compliance Audit Success 100%
Pro Tip

Regularly review and update your data subject rights procedures based on new regulations, technology changes, and lessons learned from past requests.

Frequently Asked Questions

How long do organizations have to respond to data subject requests in Armenia?

Under Armenian law, data controllers must respond to data subject requests "without undue delay" and within a maximum of 30 days from receipt of the request. This timeframe may be extended by an additional 30 days in complex cases, provided the data subject is informed of the extension and the reasons for it within the first 30-day period.

Best Practice: Aim to respond within 15 days to demonstrate commitment to data protection and exceed legal requirements.

Can organizations charge fees for processing data subject requests?

Generally, data subject requests must be processed free of charge. However, organizations may charge a reasonable fee based on administrative costs for additional copies of information or when requests are manifestly unfounded or excessive, particularly if they are repetitive in nature.

Important: The burden of proving that a request is manifestly unfounded or excessive lies with the data controller.

What verification is required for data subject requests?

Organizations must take reasonable measures to verify the identity of data subjects making requests, especially for sensitive operations like erasure. Acceptable verification methods include government-issued ID documents, digital signatures, or existing account authentication mechanisms.

Balance Required: Verification measures should be proportionate to the sensitivity of the data and the nature of the request.

When can organizations refuse data subject requests?

Organizations may refuse requests when they are manifestly unfounded or excessive, when they conflict with legal obligations (such as record retention requirements), or when processing is necessary for public interest, legal claims, or freedom of expression purposes.

Required Response: Even when refusing a request, organizations must provide clear reasoning and inform data subjects of their right to complain to the PDPA.

Do Armenian data subject rights apply to international companies?

Yes, international companies that process personal data of individuals in Armenia are subject to Armenian data protection law and must comply with data subject rights obligations. This applies regardless of where the company is established, if they are processing data of Armenian residents or if the processing activities are related to offering goods or services to individuals in Armenia.

Compliance Tip: International companies should establish clear procedures for handling Armenian data subject requests and consider appointing local representation if required.

What formats are acceptable for data portability responses?

Data must be provided in a structured, commonly used, and machine-readable format. Acceptable formats include CSV, JSON, XML, or other standardized formats that allow data subjects to easily transmit the information to another controller. The format should be readily usable without requiring specialized software.

User-Friendly Approach: Consider providing data in multiple formats when possible to maximize accessibility and usability for data subjects.

Ready to Ensure Full Compliance with Armenian Data Protection Law?

Navigate the complexities of data subject rights implementation with expert guidance tailored to your business needs.

Get Expert Legal Guidance

Professional compliance support for international businesses

Specialized in Armenian data protection requirements

Conclusion: Building a Rights-Respecting Data Culture

Data subject rights under Armenian law represent more than legal obligations—they embody the fundamental principle that individuals should control their personal information. Organizations that embrace these rights proactively, implementing robust systems and procedures, will not only achieve compliance but also build stronger relationships with customers and stakeholders.

Trust Building

Transparent data practices build lasting customer relationships

Risk Mitigation

Proactive compliance reduces regulatory and reputational risks

Competitive Advantage

Strong privacy practices differentiate your business in the market

The journey toward full compliance with Armenian data subject rights requires ongoing commitment, proper resources, and expert guidance. Don't navigate this complex landscape alone.

Start Your Compliance Journey Today

Disclaimer: The content on this page is for general informational purposes only and should not be relied upon as legal, financial, or professional advice. While we strive to ensure accuracy, the information may be incomplete, outdated, or subject to change without notice. Readers should consult a qualified professional before making any decisions based on the content provided. We do not accept any responsibility for errors, omissions, or outcomes related to the use of this information.

 Previous Article 
Next Article

Contact Us for Assistance

Whether you have a specific concern or just need some preliminary advice, our team is here to help. Fill out the form below, and one of our experts will reach out to you shortly. No strings attached, and absolutely free.

Contact Us

Prefer to talk instead? Click the button below to book a free call with one of our experts at a time that works for you. 

 Book a Call

Your Privacy Matters to Us
Rest assured, any information you provide will be treated with the utmost confidentiality. We firmly believe in the principle of data privacy. That means we will not sell, rent, or lease our contact lists to any third party, and your personal details will never be handed over to individuals, government agencies, or companies.

What Clients Say

I can only speak very highly of the wonderful lawyers I met with here. Hasmik and Luiza made the whole process of applying for a residence permit very simple, smooth and straightforward. I may need assistance at some point in the future to apply for a permit for one of my employees. I highly recommend this firm. Thank you very much.
Emma S.

Everything was great I really appreciate the high quality service of your firm. The outcome is desirable and I am pleased. All lawyers are professional and very helpful. Thank you very much for your services. I will give 5 star for everything.
Y. Xu

My family and I would like to express our highest appreciation to Arman and the team for the responsive and professional support along the journey. Although there was an unexpected situation, Arman helped follow our cases through and provide us regular updates. Thank you.
Jackson C.

All was exactly as described. Practical, cost-effective, and trustworthy legal services for all and any legal work in the Republic of Armenia. My long-term experience with this team has been good, and I am happy to recommend them for personal legal services. They respond promptly to communications, and their English/Armenian language skills are of professional standard. I will be using the services again for any issue that I have.
Simon C.

Keep up the good work. So far, I am very satisfied with the overall service. Arman is a pleasure to work with.
Justin E.

Excellent communication with clear and concise explanation of what was needed to be done with prompt follow up and guidance. Hasmik was a pleasure to work with.
John P.

John B.

I worked with Vardanyan & Partners for a couple years now and they have been of great help! I am 100% satisfied and fully recommend their services.
Idriss C.

Ms. Hasmik Mirzoyan was my main point of contact and provided informative and timely correspondence; as well as assisted me with contacting a local accountant for questions I had pertaining to future income tax implications. I felt well supported and assisted throughout the process. Ms. Hasmik Mirzoyan is very professional and always helpful and certainly an asset to your firm.
Shane L.

Ms. Mirzoyan at Vardanyan & Partners has provided me with a truly unparalleled customer service experience. Polite, transparent, attentive, and honest are the words which come to mind when I think of how I've been treated by this law firm. շնորհակալություն!
Vikram R.

This law firm exemplifies professionalism and offers exceptional post-service guarantees. I highly recommend their services.
Dina Y.

We were impressed by business ethics, accuracy and professionalism of the company, which make this company stand out from the rest. The team that processed our case proved to be highly efficient and professional. Starting a business in Armenia while abroad and having to rely 100% on on-line communication is a big challenge in terms of trust and confidence. We are very happy with the work the team's done for us and will definitely continue cooperating with them in the future. We highly recommend this company as a reliable partner.
Anna A.

They were a fast and competent team. They helped me to get all the needed information and then provided all the services. I highly recommend them as a partner in Armenia.
Sergey Ch.

Vardanyan & Partners have been by my side throughout my entire experience of relocating to Armenia, residing in Armenia, and eventually becoming a citizen of the Republic of Armenia. I'm very happy overall with the services which they rendered for both me and my family members, and am very glad I chose this law firm for all my immigration issues.
Richard W.

Thank you for your excellent work and highly competent approach to execute the process both on the spot and remotely. I am glad I have chosen your company to handle the application and the process of obtaining my Armenian passport by descent. Everything was done promptly and with appropriate reaction and solution when the circumstances changed (due to law changes in the country). Shnorhakalut’yun!
Stephen M.

Worked with them for over 3 years now. Always professional, excellent service and communication, the staff all speak English. Highly recommend, particularly for foreigners doing business in Armenia.
Patrick E.

After my research on a reliable lawyer who could follow my request for residency in Armenia, I selected the firm Vardanyan & Partners. The website made an excellent impression on me, complete with all the information. I contacted them and they then resolved my doubts within a few days. Furthermore, they also offer a guarantee on their service. I was very satisfied and happy with my choice.
Christian P.

Very good quality of service. I highly recommend using the services of Vardanyan & Partners especially with Arman Batikyan. The team is very pleasant, competent and available.
Adrien W.

I had a challenging case, and Vardanyan & Partners exceeded my expectations in handling it. Their unwavering dedication and persistence ensured a successful resolution, even when obstacles seemed insurmountable. I'm deeply appreciative of their support. The team's professionalism, patience, and kindness—from the accountants to the lawyers and assistants, all the way to the Managing Attorney—were exceptional. I wholeheartedly recommend Vardanyan & Partners, and I eagerly anticipate the opportunity to work with them again in the future.
Ashkan G.

The company is the great team of professional specialists. They have formally defined mature processes, that helps to serve client's requests clearly, on time, without red tape and bureaucracy.
Maxim B.

The team members were all professional, knowledgeable and most importantly, honest. They are hard-working and patient and were always responsive to my messages and questions. What I like most is, they are very well organized and have a modern system of work.
H. Rassa

It is always daunting when dealing with immigration, visas in a foreign country. The team at Vardanyan & Partners made the process for registering the business and applying for residency so much easier. I had no worries at all. The team overall really went out of their way to accommodate and assist us.
Nadine B.

Overall, I felt it could not have been any better. Everything was taken care of so smoothly, effortlessly, and managed very well.
Jagdish N.

The team of Vardanyan & Partners led us through the whole process seamlessly by navigating the bureaucracy end to end. Extremely professional yet personal and friendly service.
Mati H.

Why Choose Us

Decade of Excellence

Over 10 years of specialized experience in immigration and business setup.

Tailored Solutions

Our team of locally licensed, English-speaking attorneys specializes in immigration, incorporation, and compliance matters, providing bespoke legal strategies for each client.

Fast & Fluent Communication

We prioritize your concerns with a 24-hour response policy and communicate effectively in both English and Russian.

Client-Centered Approach

At Vardanyan & Partners, client care is paramount. Our emphasis on honesty and transparency ensures that you are always informed and confident in your legal journey.

Secure Transactions

Benefit from our secure online payment system without the worry of hidden charges.

Reputable & Reliable

Established in 2012, Vardanyan & Partners has built a reputation for excellence and reliability. With our team, you are not just hiring attorneys; you are partnering with insured legal experts committed to your success.

>