Navigating data privacy regulations

Qatar implemented Law No. (13) of 2016 ("the Personal Data Privacy Protection Law") to protect the privacy of individuals’ personal data. With this, Qatar became the first Gulf Cooperation Council (GCC) member state to issue a personal data protection law. The Ministry of Transport and Communications has been tasked to enforce the law.

Any organisation involved in the processing of personal data should adhere to the principles of transparency, fairness and respect for human dignity. Additionally, adequate technical and organisational measures should be put in place to ensure a safe custody of the personal data.

The PDPPL prescribes financial penalties for non-compliance or legislative breaches which could be up to a maximum of QAR 5,000,000.

Learn more

On 1 August 2019, Bahrain Law No. 30 of 2018 promulgating the Personal Data Protection Law (PDPL) came into force in the Kingdom. Modelled on European Union data protection laws, the PDPL is the second national law in the Gulf region to directly address the right to personal data protection and will impose obligations on businesses that collect personal data in relation to how organisations use and secure it.

Penalties go further than the GDPR by including provisions for prison sentences of up to 1 year.

The law includes additional requirements for organisations to submit their data processing registers monthly to the Authority and has shorter timelines for compliance with individuals' rights.

Egypt published a Personal Data Protection Law in July 2020 that addresses the right to personal data protection and gives multiple rights to individuals. 

According to the Law, personal data should only be collected for specific legitimate purposes and should not be retained longer than necessary. 

Organisations may need to acquire a license to process both personal and sensitive personal data. Additionally, organisations involved in the processing of personal information are expected to appoint an authorised Data Protection Officer (DPO) who will be responsible for the application of this law within the organisation. 

The Personal Data Protection Law has provisions for administrative fines and criminal penalties for non-compliance which could be up to a maximum of EGP 5m or a potential sentence of imprisonment of more than six months. 

Learn More

The DIFC Data Protection Law (DIFC Law No. 5 of 2020) has been effective since 1 July 2020 and enforceable as of 1 October 2020. The law is applicable to all DIFC registered entities. 

Influenced by the EU General Data Protection Regulation, the DIFC law combines the best practices from a variety of world class data protection laws.

The law aims to safeguard the personal data of individuals whose data is processed by organisations registered in the DIFC. Non-compliance with the law may result in fines. 

Learn More

In November 2021, the United Arab Emirates issued Federal Law No. 45 of 2021 (the UAE Data Protection Law), which set stricter standards for data privacy and protection and further increased awareness around the importance of data protection compliance. We have put together this data privacy handbook to try to simplify the requirements and help you kick-start your data privacy compliance journey. 

Download handbook 

In February 2022 the Sultanate of Oman issued the Personal Data
Protection Law, which set stricter standards for data privacy and protection and further increased awareness of the importance of data protection compliance.

The law comes into force on 13 February 2023 – and it is highly important for organisations to fully prepare themselves for compliance
with the new legal requirements by this date.

We’ve put together this Data Privacy Handbook for the Sultanate of Oman to try to simplify the requirements and help organisations kick-start their data privacy compliance journey.

Download handbook