The Qatari government has passed a law requiring a minimum level
of protection for personal data within the State of Qatar. It is
the first GCC member state to issue a generally applicable data
protection law. Law No. 13 of 2016 Concerning Personal Data
Protection (the Data Protection Law) was issued on 3 November 2016.
It will come into full effect in six months' time (unless this
period is extended).
The Data Protection Law gives rights to natural persons whose
personal data is processed online, or obtained through any other
means in order to be processed online, or processed through a
combination of online and more conventional methods. As such, the
Data Protection Law is designed to address concerns of individuals
on the availability and security of their personal information
Some of the key points from the new law are:
Individual rights -
the rights given to individuals include the right to consent to any
processing of their personal data, and to withdraw consent at any
time. An individual will also have a right to review any personal
data being stored in relation to him or her, and to ask for it to
be corrected where it is inaccurate.
Data processors -
obligations to safe-guard personal data and to process it under
certain restrictions are imposed on companies which process
data - certain types of personal data are subject to
tighter restrictions. Sensitive personal information such as data
relating to race, health, religious beliefs, relationships and
criminal records may only be processed with the permission of the
relevant unit of the Ministry of Transport and Communications
children - information related to children is also subject
to specific restrictions, including restrictions aimed at the
owners and operators of websites which are directed at children.
For example, such websites will be required to obtain the consent
of the child's parent or guardian before any personal data may
communications made electronically (including by wired or wireless
communications) are also prohibited under the new law, where their
purpose is unsolicited direct marketing.
High financial penalties will be imposed for breach of the Data
Protection Law. For example, fines of up to QR1 million may be
levied for breach of the ban on unsolicited electronic
"spam". The level of fines will be designed to drive
compliance and deter irresponsible personal data handling
practices. They also highlight how seriously the Qatari government
is taking the protection of privacy in a fast changing
The Data Protection Law envisages further regulations being
issued by the MOTC to assist its implementation. Therefore, the
level of regulation in this area is likely to increase rather than
Spam consists of unsolicited text messages, email messages, faxes or auto-dial calls that are sent for commercial purposes.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).