General Data Protection Regulation – GDPR

Add a comment

in Qatar

(Articles Attached)

It is well over a year now since Qatar became the first GCC country to enact a specific national law relating to data protection.
The Data Protection Law will help build consumer trust in Qatar in the online environment and may encourage consumers to engage with innovative technologies in confidence that their data will be protected. It comes at a time when the rapid pace of technological change means that more personal data than ever before is being processed electronically, including due to the advance of big data and the internet of things.

The Personal Data Privacy Law, No 13 of 2016 on protecting personal data was issued by His Highness.

The law includes provisions related to the rights of individuals to protect the privacy of their personal data.

According to Article 2, the legislation refers only to personal data that is electronically processed, or obtained, gathered or extracted in preparation for electronic processing, or when a combination of electronic and traditional processing is used.

It does not apply to personal data processed by individuals privately or within a family context, or to any personal data gathered for official surveys and statistics.

According the law, businesses are now banned from sending direct marketing messages electronically without obtaining an individual’s prior consent.

According to the law, organizations must adhere to basic data protection responsibilities. This includes ensuring data handlers are properly trained and that necessary precautions are made to “protect personal data from loss, damage, modification, disclosure or being illegally accessed.”

It also includes articles that require consent from individuals before their personal information can be used by an organization.

According to Article 17, the owner or operator of any website related to children must put up a policy about how it manages the information of minors. These website operators must also get the consent of the child’s parent when processing their information.

Some of the highlights from the new law for organisations operating in the education sector should be aware of are as follows:

  • Promotion of responsible information handling practices: – it introduces minimum standards and overarching principles with which organisations must comply when handling personal data, including that staff must be provided with appropriate training on the subject of privacy and that measures must be taken to protect personal data from loss, damage, unauthorised modification or unauthorised disclosure.
  • Additional safeguards for children’s data: – the law creates a class of personal data known as ‘special personal data’, which warrants a greater degree of protection. This category of data includes data relating to children, which may only be processed with the prior permission of the relevant unit of the Ministry of Transport and Communications (MOTC). In addition, specific obligations will apply to the owners and operators of websites which are directed at children. For example, consent of a child’s parent or guardian must be obtained before any personal data may be processed.
  • Data breach notification obligations: Any company who suffers a data security breach which would cause ‘gross harm’ to the individuals concerned must notify both as the regulator, the MOTC as regulator and the affected individuals. Based on the language used, it is likely that any breach in which children’s data was compromised would trigger the data breach notification requirements in the law;

High financial penalties will be imposed for breach of certain provisions of the Data Protection Law. For example, a fine of up to QR1 million may be levied for a failure to notify the MOTC or an individual affected in the event of a data breach referred to above. A fine of up to QR5 million may be levied for a failure to secure approval from the MOTC before processing special personal data.

The level of fines is undoubtedly designed to drive compliance and to deter irresponsible personal data handling practices. It also highlights how seriously the Qatari government is taking the protection of an individual’s right to privacy.

Related Articles to read…

General Data Protection Regulation (Full Detailed in Wikipedia )

The Impact of EU data protection rules on Qatar BusinessesDownload (pdf)
Data Protection Law in Qatar(Download pdf)

Related Resources

Leave a comment