Privacy Law at Jordan
Jordan enacted its first comprehensive data protection legislation, the Personal Data Protection Law No. 24 of 2023 (PDPL), which came into effect on March 17, 2024. This law introduces a modern framework for the collection, processing, and transfer of personal data, aligning with international standards while addressing regional considerations.
🇯🇴 Key Provisions of Jordan's PDPL
1. Definition of Personal and Sensitive Data
Personal Data Information related to an identifiable individual, including personal, family, or locational dat.
Sensitive Personal Data Includes data revealing racial or ethnic origin, political opinions, religious beliefs, financial status, health, biometric or genetic data, criminal records, or any other data deemed sensitive by the Personal Data Protection Boar. citeturn0search0
2. *Lawful Bases for Processing
Processing personal data is permitted under the following condition: Obtaining explicit, informed consent from the data subjec. Necessity for public interest or legal obligation. Performance of contracts or protection of vital interest. Other lawful grounds as specified by the la. citeturn0search0
3. Data Subject Rights
Individuals have the right to: Access and obtain copies of their personal dat. Request corrections or updates to their dat. Withdraw consent at any tim. Request erasure of their data under certain condition. Object to processing or profilin. Be informed about data breaches that may affect the. citeturn0search0
4. *Data Transfers
Transfer of personal data outside Jordan is restricted unles: The recipient country ensures an adequate level of data protectio. The data subject has consented to the transfe. The transfer is necessary for specific legal or contractual reason. citeturn0search0
5. *Data Protection Officer (DPO)
Organizations must appoint a DPO if their core activities involve large-scale processing of personal data, processing of sensitive data, or data transfers outside Jorda. citeturn0search0
6. *Breach Notification
In the event of a data breach that poses a risk to data subjects, organizations must notify affected individuals within 24 hours and report the breach to the relevant authority within 72 hour. citeturn0search0
7. *Enforcement and Penalties
Non-compliance with the PDPL can result i: Fines ranging from JOD 1,000 to JOD 10,00. Suspension or cancellation of license. Criminal penalties for serious violations, including fines up to JOD 25,000 and imprisonmen. citeturn0search0
🧭 Summay
Jordan's PDPL establishes a comprehensive legal framework for data protection, emphasizing consent, transparency, and accountabiliy While the law aligns with international standards, concerns have been raised regarding the structure of the enforcement authority and its potential impact on independence and effectivenes Organizations operating in Jordan should assess their data processing activities to ensure compliance with the new regulatios.
RELATED Blog
0 comments