Personal Data Privacy Protection (PDPP) in The State of Qatar

Alhababi Law Firm | View firm profile

The importance of Data Privacy:

Data privacy refers to the manner in which a piece of information or data should be treated in accordance with its relative value. It also refers to an individual’s capacity to choose when, how, and to what degree personal information about them is shared with or conveyed to others. This personal information may include a person’s name, address, contact information, and online or offline conduct. Private life is considered a basic human right in many jurisdictions, and data protection legislation is in place to preserve that right. In addition, data privacy is vital because in order for people to be willing to interact online, they must have confidence that their personal information will be treated with care. In order to show to their customers and users that they can be trusted with their personal data, organizations implement data protection policies and procedures.

Acknowledging the importance of Data privacy by the Qatari legislator was translated into reality when Qatar was one of the first Middle Eastern countries to enact a national data privacy law (law number 13 of 2016 of Personal Data Privacy Protection). The Ministry of Transport and Communications’ Compliance and Data Protection Department (CDP) released 14 regulations on the PDPL in November 2020. The regulations clarify the law and impose additional compliance obligations on data controllers.

Law number 13 of 2016 on Protecting Personal Data Privacy:

The law consists of eight chapters and 32 articles, it took effect in the year 2017. Furthermore, the law applies on Personal data if it is any of the following:

  • Electronically processed
  • Obtained, gathered, or extracted in any other manner in advance of electronic processing.
  • Processed using a combination of computerized and manual methods.

According to the Law, each individual has the right to the privacy of their personal data. Such data may be processed only in an environment that is transparent, honest, and respectful of human dignity.

The key features of the Law are as follows:

  • It includes all personal data processed in Qatar.
  • It includes the comprehensive rights such as the right to access, deletion and rectification.
  • It obliges data controllers and companies to rectify any inaccurate disclosure of personal data to a third party
  • Data Controllers are not required to take precautions to restrict cross-border data transfers unless there is a significant danger to the controller’s privacy or personal data. Controllers should document their risk assessment and notify the appropriate regulatory authorities.
  • In the case of an incident or a breach, data controllers must report breaches to CDP of the MOTC.
  • The penalties stipulated in the law range from 1-5 million QAR.

The 2020 Regulations:

The Department of Compliance and Data Protection (CDP) issued 14 regulatory recommendations on the Law. It adds new notions not protected previously. These concepts are related to the EU’s General Data Protection Regulation (GDPR). Additionally, the requirements oblige Data Controllers to undertake privacy effect assessments and maintain records of data processing procedures.

A more detailed explanation of the 2020 CDP Regulations on PDPP will be provided in our next article.

For further information and assistance, feel free to contact us at Al-Hababi Law firm!

Authored by “Mohammad Mufid” Ratib Qurashi.

More from Alhababi Law Firm