Privacy Law in Qatar

Qatar's data protection landscape is governed by Law No. 13 of 2016, known as the Personal Data Privacy Protection Law (PDPPL), which came into effect in 2017. This law aims to regulate the processing of personal data within Qatar, ensuring transparency, fairness, and respect for individual privacy rights.

Key Provisions of the PDPPL

1. Scope and Applicability

The PDPPL applies to all personal data processed within Qatar, whether electronically or through a combination of electronic and manual methods. It encompasses data collected, received, or processed by any organization operating in Qatar.

2. Principles of Data Processing

Organizations must adhere to the following principles when processing personal data:

Lawfulness, Fairness, and Transparency Processing must be conducted legally, fairly, and transparently.

Purpose Limitation Data should be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purpose.

Data Minimization Only data necessary for the intended purpose should be collected.

Accuracy Data should be accurate and kept up to data.

Storage Limitation Data should be kept in a form which permits identification of data subjects for no longer than necessary.

Integrity and Confidentiality Data should be processed in a manner that ensures its security.

3. Individual Rights

Individuals have the following rights under the PDPPL:

Right to Access: Individuals can request access to their personal data.

Right to Rectification: Individuals can request correction of inaccurate or incomplete data.

Right to Erasure: Individuals can request deletion of their personal data under certain conditions.

Right to Restrict Processing: Individuals can request limitation of data processing.

Right to Object: Individuals can object to data processing based on legitimate interest.

Right to Data Portability: Individuals can request their data in a structured, commonly used, and machine-readable format.

Right Not to Be Subject to Automated Decisions: Individuals can object to decisions based solely on automated processing.

4. Data Breach Notification

In the event of a data breach that may cause "serious damage" to individuals, organizations must notify both the National Cyber Governance and Assurance Affairs (NCGAA) and the affected individuals within 72 hours of becoming aware of the breach.

5. Penalties for Non-Compliance

Organizations found in violation of the PDPPL may face fines ranging from QAR 1,000,000 to QAR 5,000,000. These penalties apply to various breaches, including failure to protect personal data, inadequate breach notification, and non-compliance with data subject rights.

🛡️ Enforcement and Oversight

The National Cyber Governance and Assurance Affairs (NCGAA), under the National Cyber Security Agency (NCSA), is responsible for overseeing the implementation and enforcement of the PDPPL. The NCGAA promotes good practices, conducts audits, handles complaints, and ensures compliance with the law.

📌 Summary

Qatar's PDPPL establishes a comprehensive framework for the protection of personal data, aligning with international standards such as the EU's GDPR. Organizations operating in Qatar must ensure compliance with the law to protect individual privacy rights and avoid substantial penalties.
